Brian C (Author) Posted March 10, 2005
I do not have much experience with encryption, so when I made a system that had its own Users, Groups, etc for controlling security in accessed tables, I slapped together a quick solution that I was never really happy with. It used unstored calculation fields which parsed and converted one character to another. It was just a simple substitution of one character for another. My question is this: Has anyone made public anything in FMP for password encryption? I know that FMP 7 has its own user/groups security now with passwords, but I am not going to be using the encryption for that purpose, so I still have the same problem of trying to find a better way of encrypting data on the fly. If no one is able to post this type of information due to it being a company secret, could someone point me in a good direction at least so I can start to develop some solid ideas on how I could begin creating a better encryption solution? Thanks!
SteveB Posted March 10, 2005
Hi Brian: There is a free encryption plugin from David McKee at his site called web page that uses RC4 and above encryption. Although his documentation is a little sparse, it's not hard to use. Steve
Brian C (Author) Posted March 10, 2005
Thanks for the link! I will start going over the included source code to see what I can figure out. It gives me a starting point in any case. While plugins are great, I need to do something on my own within FMP for 2 reasons: 1) The solution needs to run via a web interface if at all possible as well as FMP for Windows, OSX or Linux. 2) I need to be able to guarantee compatibility as well as future support for anything I develop. Much of the development I do is for government and financial institutions. They want guarantees of long term compatibility. They are very slow to change, and many come from mainframe environments and thus have an all or nothing single solution mentality when approaching newer technology. To say I need a plug-in to do a specific function, to them translates to a weakness in either my skills, or in the product I am developing their solution in. It is all very political I know, but these are the cards I have been dealt. As a result, anything I create has to have some guarantee it will still be running for years to come regardless of upgrades in the software. They understand conversion issues from one version of the product to the next, but are very wary of relying on 3rd party components. They don't like it when I cannot guarantee in writing that the 3rd party company will still support their product or upgrade it for years to come.
SteveB Posted March 10, 2005
The plugin is free, and it follows government standards for encryption. The protocols are RC4, RC6 and DES. I doubt very much that we could reproduce what is at least a few hundred lines of C++ directly in FM. I can give you a simpler encryption routine that can be scripted, but it won't be nearly as secure as the results the plugin returns. In my own solution, I use RC4 which returns 2 characters for every one input, and if you change the encryption key based on some procedure, like a user name, date, or serial # it would be very hard to break. Steve
Brian C (Author) Posted March 10, 2005
I wonder if this is the same David McKee I used to know many years ago... Boy that is a trip down memory lane. The David I knew was programming in Symantec C and running a bulletin board on a Mac SE back in the day while I was still messing around with different variations of Basic and making animated ASCII screens for bulletin boards. No internet because DARPA net was run by the gov back then and 1200/2400 baud modems for dialing up to bulletin boards cost a small fortune. Those were the days!
Ender Posted March 10, 2005
Hi Brian, You may find this thread about encryption algorithms useful: http://www.fmforums.com/threads/showflat.php?Cat=0&Number=68165
SteveB Posted March 10, 2005
At one time he was an employee or a consultant to FMI (I believe). I used to see him on these forums, but he hasn't been around in a while. I remember and used 300 Baud modems, and started on a 10 CPS Teletype equipped with a paper tape...talk about primitive!!! Steve
Brian C (Author) Posted March 11, 2005
My thanks for the referral to the post on encryption Ender. Great stuff! I'll give it a good looksee tomorrow after some sleep and a good dose of coffee.
BobWeaver Posted March 11, 2005
Brian, if you want any kind of real security, I think you're going to have to use FM7 and run off a server. While David McKee's plug-in uses industry standard secure encryption algorithms, it's still very difficult to implement a robust security system in FM 6. It's like putting the world's most secure vault door on a cardboard box. Hackers don't have to go in through the door. If you must use FM 6, and it's a web application, then there are still web server interfaces to Filemaker such as Lasso which can be set up quite securely, or so I'm told.
Brian C (Author) Posted March 14, 2005
I will be using Server 7 Advanced for everything, however I'm looking to encrypt field data specifically for purposes other than a user accounts scenario. I have read a lot regarding FMP6's holes due to its weaknesses to network attacks and AppleScript hacking. So everything I am developing is being done with FMP 7 in mind for the conversion. Is there a need to still use a 3rd party interface like Lasso for Server 7 if you are upgrading to Server 7 Advanced? I'm hoping to do away with Lasso when I make the leap but have not had time to take a serious look at Server 7 Advanced as of yet. For the moment it's pretty much shelf-ware until I can make the time in a few months to begin serious conversions.
David McKee (Protolight) Posted March 17, 2005
I'm still here at FMI, which keeps me horrendously busy. The plugin uses RC4 and presents the encrypted bytes as hex I believe, I think I made the source available either on my site or on another plugins site. So assuming you can find some JavaScript for RC4, you could still use the plugin even for web enabled solutions. Hope this helps! -Dave
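The RC4-to-hex scheme discussed in this thread, as an added JavaScript example (not the plugin's source and not code from any poster): it shows the two-hex-characters-per-byte output and what happens when two field values are encrypted under the same key. The function names, UTF-8 key and text encoding, and lowercase hex are assumptions; the plugin's actual conventions are not given on this page.

```javascript
// Added illustration: textbook RC4 with hex-encoded output.
// Names and encoding conventions here are assumptions, not the plugin's API.
const utf8 = new TextEncoder();

function rc4Bytes(keyBytes, dataBytes) {
  if (keyBytes.length < 1 || keyBytes.length > 256) {
    throw new RangeError("RC4 key must be 1..256 bytes");
  }
  // Key-scheduling algorithm: permute S under control of the key.
  const S = new Uint8Array(256);
  for (let i = 0; i < 256; i++) S[i] = i;
  for (let i = 0, j = 0; i < 256; i++) {
    j = (j + S[i] + keyBytes[i % keyBytes.length]) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
  }
  // Keystream generation: XOR one keystream byte into each data byte.
  const out = new Uint8Array(dataBytes.length);
  let x = 0, y = 0;
  for (let n = 0; n < dataBytes.length; n++) {
    x = (x + 1) & 0xff;
    y = (y + S[x]) & 0xff;
    [S[x], S[y]] = [S[y], S[x]];
    out[n] = dataBytes[n] ^ S[(S[x] + S[y]) & 0xff];
  }
  return out;
}

function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function fromHex(hex) {
  if (!/^(?:[0-9a-fA-F]{2})*$/.test(hex)) throw new Error("invalid hex string");
  const out = new Uint8Array(hex.length / 2);
  for (let k = 0; k < out.length; k++) out[k] = parseInt(hex.substr(2 * k, 2), 16);
  return out;
}

function encryptToHex(key, plaintext) {
  return toHex(rc4Bytes(utf8.encode(key), utf8.encode(plaintext)));
}

// RC4 is symmetric: decryption is the same keystream XOR.
function decryptFromHex(key, hex) {
  return new TextDecoder().decode(rc4Bytes(utf8.encode(key), fromHex(hex)));
}

// XOR two hex strings over their common length.
function xorHex(a, b) {
  const A = fromHex(a), B = fromHex(b);
  const n = Math.min(A.length, B.length);
  return toHex(A.subarray(0, n).map((v, k) => v ^ B[k]));
}

// Constructed sample data: two field values stored under one fixed key.
const FIELD_KEY = "per-user-key";   // constructed value
const fieldA = "ACCT 1002 OPEN";    // constructed value
const fieldB = "ACCT 1047 HOLD";    // constructed value
const cipherA = encryptToHex(FIELD_KEY, fieldA);
const cipherB = encryptToHex(FIELD_KEY, fieldB);

// Same key means same keystream, so it cancels out of the XOR of the two
// ciphertexts: what remains is plaintext XOR plaintext, with no key involved.
const leak = xorHex(cipherA, cipherB);
console.log(cipherA.length === 2 * fieldA.length, leak);
```

Because RC4 takes no nonce, every value encrypted under one key reuses the same keystream, so a key derived only from a user name or date repeats across that user's or that day's records. RC4 has since been prohibited in TLS by RFC 7465.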
Brian C (Author) Posted March 17, 2005
David! Long time no see! Just got your PM, responded and just now saw this post! Good to see ya and thanks for the info! I only dabble in Java and C but I can usually figure out anything given time. Very awesome that you work for FMI! For all the hard work I remember you putting in early on, I'm very glad to see that it has paid off for you! Kudos and Congrats! All those books for MPW and Inside Macintosh were a bit intimidating to me back then. So I wimped out and went the mainframe route in programming early on. But hey it was a job! It helps me now in any case with converting software off of legacy systems. As for the encryption, I'm trying to make sure I have all my ducks in a row before my big push into v7 so that I can make sure I can keep my nose above the waterline when the deadlines come looming over me like a grim reaper. I will be sure to post what I wind up figuring out in any case as soon as I can. Ciao!