Passwords

[Lawrence Leichtman]

I decided for some unknown reason to add a password to my multifile medical database. The password protection did not go where I thought and is only protecting my patient visit files not the patient data, labs, x-ray, correspondence files etc. Trouble is that the password I put in all lower case is not being recognized. I back up from my Powerbook to my desktop through a firewire drive that then acts as an extra backup and backup at .mac as well. I can run the whole program including the supposed password protected file on the desktop but can't get into the patient visit file on my laptop. i tried re-installing Filemaker 7 but to no avail. I even considered going to Filemaker 8 though have no good reason up till now. Is there anything I can do to get this file back. I have tried every iteration of the password I can think of but no luck;. Any help would be appreciated. I am quite perplexed.

[Reed]

Is the password stored in the OS X keychain on your desktop machine? If it is in the keychain you won't be prompted for a password. Once the file is open on the desktop machine, you can go to File:Define:Accounts and Privileges, and change the password.

You could also go to the keychain access utility for OS X, and find the password for the file.

If the password is really lost, then reinstalling FM or upgrading to v8 isn't going to help.

If you want to password protect a multi-file system, you have to define the accounts in each file separately(this can be scripted), or use Filemaker Server and External Authentication.

[Genx]

lol yeh, i almost locked myself and a whole office out of a solution once ... but once its gone its gone...

[Reed]

I forgot to mention, that you can reset a lost password in a file (as long as you haven't used the developer tool on it) using this product:

http://www.lostpassword.com/filemaker.htm

[Genx]

The fact that this software is available is not very comforting to me for some reason.

~Genx

[Ender]

That's why physical security of database files is just as important as the network security and passwords. Servers should be in a locked room. Database archives should be locked up.

[Genx]

So basically your saying this software can't get the password of a hosted file?

~Genx

[Ender]

So basically your saying this software can't get the password of a hosted file?

Correct.

[Genx]

Ok, well that is somewhat more comforting in that case, thanks Ender.

~Genx

[Vaughan]

"So basically your saying this software can't get the password of a hosted file?"

Everybody take note: versions of FMP 7 and later DO NOT store the passwords in the files. They store *hashes* of the passwords, which are a kind of encrypted copy of the password. So it is not possible for any utility to "get the password out" of a FMP 7 or later file.

I believe these utilities work by overwriting the part of the file where the hash usually lives with the hash of a known password, then opening the file with this known password. A very crude and brutal method of openeing the file, but it's not password recovery. (There is probably a special name for this technique, others more learned with security are welcome to chime in.)

Earlier versions (FMP 6 and earlier) did store the passwords in the file, and maybe also broadcast the passwords across the network in a very lightly encrypted format. That's why there are password-retrieval utilities for earlier versions of FMP.

Mr Steven Blackwell is THE authority on FileMaker Security. He occasionally frequents this forum as "Old Advance Man".