Security Demo

[Vaughan]

This is a demo file to explore and test the FMP 7 security, and try out its new window handling features. The file is a simple address book. Its main aim is to demonstrate user accounts and user groups. It has only been tested on MacOS X 10.2.8 feedback from PC users is appreciated especially regarding the multiple windows stuff.

The brief was for users from the same group to be able to read and modify records created by users from the same group, but to be only able to read records from other groups.

There are four "user" accounts. Login a couple of times as different users, create records, see how access is limited depending on the user's group. The names and passwords are:

HR1; user

IT1; user

IT2; user

SAL1; user

There is also an administrator account which can view and edit all records and add users and groups to the file. Check the Scripts menu when logged-in. The user account and group management system is the most complicated part of the system. The administrator account is:

admin; admin

Finally there is a root account with full access privileges. The administrator does not have full access however to edit scripts or modify layouts. Only the root account can do this. The root account is:

root: root

This is a stripped down version of a larger document management system I am developing from the ground up in FMP 7, though a version exists in FMP 6 I am not converting it over, instead rebuilding from scratch. During the stripping-down process I may have missed a few things and caused others to break, so let me know what needs fixing.

Please try to crack the solution and suggest alternatives for better security. Also feel free to use it for yourself.

Version: v7.x

Platform: Mac OS X Jaguar

FMP 7 Security Demo.zip

[Reed]

I like the way you made layouts for each different access level so you don't see the <No Access> message in the fields. I added Freeze Window steps to the nav buttons so you don't get the <No Access> flash when you move through records.

I have been thinking of taking this one further and performing a find so that only records the user has access to will appear on startup. I guess all subsequent finds would have to be scripted to start and constrain that found set, and all menu access (like show all records) would have to be disabled.

I have a mac so I can't speak to how this works on windows.

Dana

[MoonShadow]

Thank you for sharing this with us, Vaughan, I really appreciate it. This is exactly what I am currently addressing in the new FM7 design.

Version: Developer v7

Platform: Windows XP

[Singlequanta]

So far so good;

I've run it through a Hex editor and a few other things. I haven't been able to extract the usernames and passwords from within the file Thats gotta be a good thing.

SG

[Singlequanta]

Hey Vaughn - I've been playing with your demo on Windows XP and it looks just fine. Is there anything in particular you would like me to look at re multiple windows or general layout? If you would like, I can set up a terminal server on XP for you to have access to from your mac to muck around with it....

Steve

[Vaughan]

"I haven't been able to extract the usernames and passwords from within the file"

That's because the passwords aren't stored in the UserNames table (or is it called User Accounts, I forget) or any table in the file at all! Passwords (or as FMI is keen to point out, their hashes) only live in the file's Accounts and Privileges which FMP manages itself. This was a conscious decision, I could have easily stored them in a field.

In fact it would have made the process os chaning the user type much nicer -- as it is now I need to reset the password because in order to change the privilege set you need to delete then create the account again. But on balance I went for stronger security over convenience.

The trick is that the real user acounts have to be made through the "Users and Groups" interface to ensure that the UserNames records accurately mirror the real accounts in the file's Accounts and Privileges. During development it was easy for them to get out of sync, but the system is working pretty well now.