Security -- what am I missing here?

[DanBrill]

FM 7.0v2 Dev. on XP Pro.

I must be missing something. Say I have a file called "Data". It has one user account with a password that no one else knows. Some evil doer comes along and creates a new file called "Raider". They define a file reference to Data and they can pull out all of its tables, despite the fact that they don't know the password for Data.

Isn't there any way from within Data to prevent someone from hacking in with a new Raider file (outside of totally restricting access to the folder at the OS level)? It seems like they should have to have a valid user name and password as defined within Data in order to get to its tables. But this isn't the case.

This could be trouble in smaller offices where multiple people are using the same computer and not everyone is careful about OS level passwords, folder permissions, etc.

This seems dangerous....

Dan

[The Shadow]

If you restrict data with field-level privs so only your user account can read it, then Raider cannot pull out the data. If you restrict your tables so only your user can read them, then Raider cannnot access them to put them in their graph.

The access control needs to be on the data itself and not the layouts, since Raider doesn't need to use your layouts / scripts.

[The Shadow]

Here's a file I made, [Guest] account has read-only access to one table which explains the schema for all three tables. One "protected" has no access for Guest at all, the other "partial" has two fields, "data" and "secret", "data" is read-only and "secret" has no access at all.

The challenge then, what is the data contained in:

protected::data

and / or:

partial::secret

[DanBrill]

Hmm. Still confused. I see how to restrict User's privelege set so that it can either get at a table or not, but how do I set a table to be restricted to only certain privelege sets or user accounts?

Thanks,

Dan

[DanBrill]

Hey -- posted that before I had seen you post your example. Will play with that tomorrow.

Now... getting weak... must sleep...

Thanks again,

Dan

[DanBrill]

Oh, one last thing -- what is the FullAccess password so I can actually see how you set this up?

Thanks,

Dan

zzzzzzzzzzz.....

[The Shadow]

When you edit a privilege set, one of the choices for Records is "Custom privileges..." - that pops up a new dialog that lets you control each tables privileges indepentently.

From *that* dialog, the last column is "Field Access", which can be set to "limited..." which pulls up yet another dialog that allows the settings to be modified indepentently for each field.

From some quick experimentation: tables with no access don't appear in lists, ditto for fields with no access, and scripts with no access aren't listed in the scripts menu - tight as a drum.

Each privilege set has its own set of allowed objects it can access and in what way, and then in the accounts tab you just choose one of the named privilege sets for each user account.

[The Shadow]

Oh, one last thing -- what is the FullAccess password so I can actually see how you set this up?

What, you must think I just fell off the turnip truck? That takes all the challenge out of it.

Oh, okay - here's another copy that I've changed the Admin password to "Admin", but modified the data in the protected fields - so the original challenge still stands for anyone who is interested.

I've also added a new table that has full create/edit/delete access for guest, and it does an Evaluate() of its first field into the second.

[DanBrill]

Hey,

Thanks. It has all been made clear to me. Everything is working just right.

Thanks again,

Dan