Encryption in the .fp5 world

[stanley]

Hello all:

I've been asked by a client to explore encryption possibilities for a FileMaker 5/6 system, running FileMaker Server 5. The only thing I've found is Troi's old Coding plug-in. While it does indeed encrypt and decrypt fields, it's going to be a bit clunky to use on an existing 3000 field database. Does anyone know of any other options out there? Due to OS limitations, the client is stuck for the forseeable future with FMP 5/6.

Thanks,

Stanley

[John Mark Osborne]

The Troi product is the only product I am aware of that I would trust.

[stanley]

John:

Yeah, I searched a good amount (in an afternoon) for other solutions, and that was the conclusion I came to. One problem I have with it is that the documentation is minimal, and (as I wrote above) it seems a bit clunky to apply to an existing solution. Unless I'm misreading how to use the plug-in, to apply it to the client's solution, I will have to put in Encrypt/Decrypt scripts for every layout, and then ensure that the data is re-encrypted when the user exits a record.

Perhaps I'm missing something.

-Stanley

[John Mark Osborne]

I believe with any encryption product you are going to have to encrypt and decrypt the information as the user needs it. But, I don't have much experience with this product. Troi does have a plug-in mailing list for technical issues that might be able to better help you. You can find it at their web site.

http://www.troi.com/

[Fitch]

If you don't think Troi's methods make sense, how would you envision the encrypt/decrypt process? You want a command to e/d every field on a layout? You'd have to script that yourself. You want it to happen when the user exits a record? You'd have to completely script the navigation, or use Troi Activator or WIM Events. Are you proposing to e/d 3000 fields each time a record is entered or exited? It will be too slow.

I have experience with Troi Coding, so let me know if you have specific questions.

Are you sure you can't accomplish what you want via Access Privileges?

[stanley]

Fitch:

Thanks. I'll probably send an email tomorrow if I'm pulling my hair out.

The problem is that the client is uncomfortable with FMP 5/6 sending data unencrypted over the network (over the internet, really), so the problem is to store the data encrypted on the FMS server, and then decrypt it at the client end.

I'm still getting to grips with Troi Coding, but the way I'm looking at it is that the fields (hopefully NOT all 3000, but just the identifying fields like Name, Address, SSN, Telephone, etc.) would be encrypted, and the client end the user enters the key, in which case they are unencrypted. The problem is that I believe they would now be unencrypted across the system, right? The only way to keep the cleartext version only on the local box would be to present the data as a global, in which case I would find myself rewriting a ton of this client's solution.

As I said, they're stuck on legacy systems, so upgrading to 8 (which would solve the whole problem) is not an option. Ugh.

I will look at this in more detail tomorrow in the hopes of getting a firmer grip on Troi Coding. If I'm way off base in my thinking, please feel free to straighten me out.

-Stanley

[Fitch]

I don't know how much you bill per hour, but by the time you rewrite all this you might just be better off upgrading to 8. Note that you will slow down performance when you enable SSL on FMS8.

You're right about using global fields to decrypt the data, that's how I handle credit card numbers in SmartPublisher, so unencrypted data never has to go across the network.