Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Securing your solution (security hole in FMP)

Deep Thought II
in FileMaker Pro v7 – v11

Featured Replies

i dont know whether this issue has been addressed before in FM or here, but here is an issue that's to be awared of if you have customized solutions distributed in some way.

this issue concerns the resetting of passwords for database files made with any version of FileMaker prior to FMP 7v3.

if admin rights are not stripped for the file, a program may "reset" its password and gain administrative access quickly.

in short, this issues concerns:

----- any database files made with FMP prior to 7v3, including runtime solutions

a small password resetting program allows the users to:

----- reset all passwords for all accounts in a database file in a short time (few seconds, actually)

----- gain administrative rights if admin access is not stripped from the file

Solutions to this issue (at the present) are:

----- recreate your database file in FMP 7v3

----- strip away admin account

----- protect your database file by hiding it somewhere

----- encrypt the file in some way using third-party softwares

----- pray that your users dont have such a program

----- etc.

however, any database files created with versions prior to FMP 7v3 are viable for being hacked. even if the admin rights are stripped from the database file, the user may still gain passwords of other accounts once the location of the database file is known.

*** the database file must be *created* in FMP 7v3, using "Recovery" or "File Maintainence" in FMD 7v3 does not convert the file to FMP 7v3.

There are readmes and at least one TechInfo article that states that using only passwords does not guarantee 100% security.

Physical security of the files (and the machine running FMS) is equally important as strong passwords.

Where did you hear about this? Has FMI acknowledged this?

  • Author

not sure if FMI has acknowledged this, but surely the changes they made in FM 7v3 indicates that they might be aware of it, tho not completely certain.

i became aware of one of such programs on internet recently.

I think that passaware does exactly what you said for $40 bucks. There should be some threads from about a month or so ago if you want more information.

Create an account or sign in to comment

https://fmforums.com/topic/27121-securing-your-solution-security-hole-in-fmp/
Go to topic listing

Similar Content

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.