which security system?

[michaelzap]

Hello -

I'm building a donor database for a small foundation, and I'm wondering whether I should use FM's standard password/permission protection or build a custom one.

The situation: The database will contain sensitive information (don't they all?), such as credit card numbers. It is generally only accessed by three people: the donations coordinator, her assistant, and her superior. For these three folks all that's needed are two passwords - one with complete access and one with slightly more restriced access. However, once a year the foundation brings in volunteers to answer phones and enter donations in the database. I want to script this process to control it (check for duplicates, bad entries, etc.), and I also want to record each volunteer's user name (can do with FM, but would have to change in FM every time a new person uses the same computer, right?). And of course I don't want these volunteers to have access to all sorts of things (credit card numbers being the obvious one), although they can enter them.

So I'm wondering whether I need a custom logon script. I'd like to keep the database as simple as possible, so I'm inclined to try to get away without it, but would that be far less secure? What are the pros and cons, as y'all see them?

Additionally, how does this issue change (if at all) if the volunteers access the database using a web browser over the intranet instead of using copies of FM?

THANKS in advance for your replies!

[proton]

quote:

---

Originally posted by michaelzap:

Hello -

I'm building a donor database for a small foundation, and I'm wondering whether I should use FM's standard password/permission protection or build a custom one.

The situation: The database will contain sensitive information (don't they all?), such as credit card numbers. It is generally only accessed by three people: the donations coordinator, her assistant, and her superior. For these three folks all that's needed are two passwords - one with complete access and one with slightly more restriced access. However, once a year the foundation brings in volunteers to answer phones and enter donations in the database. I want to script this process to control it (check for duplicates, bad entries, etc.), and I also want to record each volunteer's user name (can do with FM, but would have to change in FM every time a new person uses the same computer, right?). And of course I don't want these volunteers to have access to all sorts of things (credit card numbers being the obvious one), although they can enter them.

So I'm wondering whether I need a custom logon script. I'd like to keep the database as simple as possible, so I'm inclined to try to get away without it, but would that be far less secure? What are the pros and cons, as y'all see them?

Additionally, how does this issue change (if at all) if the volunteers access the database using a web browser over the intranet instead of using copies of FM?

THANKS in advance for your replies!

---

michealzap,

A question:

Are you using Filemaker Access Privileges or the web security database? As you have them accessing using copies of Filemaker then I would assume that you are using access privileges.

If this is the case just create a couple of groups (e.g. volunteer A, volunteer B, etc.) and give all these groups the same security privileges. In the Overview security dialog box you can deny access to whatever fields you want. This should solve your problem.

Now as to your other question. Either way is good, but I think that most people would tell you to use the browser to access the database. If this is the case you need to know CDML or Lasso (LDML) to create the web pages. Of course, you can use instant web publishing but most people would not recommend it.

If it is only a couple times a year I would recommend just using copies of filemaker. However, if you are planning on building a website for the foundation and maybe people can go to the website and enter their own donations, or check how many donations they made and so on, then you will definitely have to consider creating a database driven website (i.e. CDML/LDML)

Hope this helps

[michaelzap]

THANKS!

I think you're probably right: I should stick to FM access privileges and just use FM for access to the database during this once-a-year event.

Questions:

If I don't use web browsers to access the main database, do we need to purchase a copy of FileMaker for each computer that accesses the database, or can we install the same copy on several computers?

What about tracking each individual user? A single computer will be used by several volunteers on any given day. Do y'all recommend asking for a user name at the beginning of the Donation Entry script (for each donation), or some other login method?

Why do people choose to use login scripts instead of the default FM? Is it somehow more secure? It would be nice if FM asked for a password associated with each individual user (as the Web Security Database does).

[proton]

quote:

---

Originally posted by michaelzap:

THANKS!

I think you're probably right: I should stick to FM access privileges and just use FM for access to the database during this once-a-year event.

Questions:

If I don't use web browsers to access the main database, do we need to purchase a copy of FileMaker for each computer that accesses the database, or can we install the same copy on several computers?

What about tracking each individual user? A single computer will be used by several volunteers on any given day. Do y'all recommend asking for a user name at the beginning of the Donation Entry script (for each donation), or some other login method?

Why do people choose to use login scripts instead of the default FM? Is it somehow more secure? It would be nice if FM asked for a password associated with each individual user (as the Web Security Database does).

---

michealzap,

Okay, here's the dip. Firstly, it is advisable to have buy a copy of filemaker for each computer. Now when I say this I'm assuming that you won't install it on many computers (i.e. less than 8 say). Filemaker offers volume licensing, but the lowest 'rung' starts at 10 users. That means you have one copy of the software and a 10 user license so you can install FM on up to 10 machines.

If you are considering installing on 8 or 9 still go with the volume license. If less than that, then you will probably have to buy individual copies of the program to install.

Now to the users. Filemaker doesn't ask for a username with the access privileges. It asks for a password. The Web Security Database asks for a username and a password. Now if several volunteers access the database from a single machine and you want to track them, then give each volunteer a different password. and when they are finished using the database they need to close it, thereby 'logging out'. When the next user comes they will have to open it and login again. Sounds tedious I know. But if you want to track them that's how you will have to do it.