Hey Comment,

Your right.

Think i should pose this to Steven? Like he doesn't have enough to do... or poll it on Forum Feedback.

what do you think ... should i put in the request for the Intellectual Property sub category of Security Concepts?

Security Concepts > Intellectual Property

or

Security Concepts > Intellectual Property Protection

or

Security Concepts > Intellectual Property Concepts

or

Security Concepts > Intellectual Property Techniques

or

Security Concepts > Intellectual Property Methodology

best

Stuart

Actually i think this is really important so i am gonna go ahead and put in the request

This one sounds good:

Security Concepts > Intellectual Property Protection

Ignore that last bit.

Edited December 10, 200619 yr by Guest

You can vote or disagree here ... YAY A POLL

http://fmforums.com/forum/showtopic.php?tid/182890/

My point was to highlight that the best approach for an Activation Code would be to combine to dual aims of securing intellectual property and building different "levels" of access into your solution. In terms of access there is enough in-built security with priviledge sets (and fine tuning them) to keep data secure and prevent one user from attempting to access records/layotus etc from a higher level. The issue I wanted to highlight was how do you securely promote a user from one access level to another via secure scripting? And surely this must be done best by combining it with a method that allows software activation, isn't it?

I am nervous about approaching these two aims from two different perspectives because I believe they are the same, sort of! Therefore I do not think the security forum requires splitting at this time.

There is gap in Filemaker (or is that flaw?) that simplisitically assumes that all users only ever need one priviledge set and never change it, at least not without incurring some kind of security hole. Yes there is ability to change a users priviledge set using scripts but there isn't a built-in security check, nor is there any kind of built-in validation. At the moment the checks are coded by hand, as is the "validation" and therefore it's open to human error on the developer side and hacking on the user side.

Filemaker hasn't been designed to do much beyond handle data, which is does exceedingly well. Despite the changes and improvements regarding security to FM7 I still do not think it has caught up in terms of providing the flexibilty that developers demand once their solution gets released. This applies to parts of security as well as other neglected areas. Custom login screens, proper "user promotion", built-in timed demo, fully customized menus, decent GUI options...I guess the wish list for later versions of FIlemaker will get some new additions. Again. Do they ever read them?

Data security is not synonymous with Intellectual property security, in one you are protecting your clients investment, in the other you are protecting yours as a developer -- namely to dealing with piracy, theft and distribution issues.

Edited December 12, 200619 yr by Guest

Thats my point - in order to protect your intellectual property you must presently employ methods that rely upon protecting data (i.e. the data held by your solution that validates a registered user, or not). The two are currently co-dependent and in my opinion should remain so.

I really don't see how they are co-dependent... Here's the issue, the user gives the file to someone else with their login and password... Sure the data is secure, but how does it help you?

New idea, why not just have a 30 times open thing.. or wipe all data each time it closes, or something like that, until they "activate" it. At least that way you get rid of the chance of them changing the date on you.