Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 6570 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted

Who Am I Trying to Protect?

Or more accurately what am i tring to protect and from who is a question spinning around my head at the moment.

I have tried to immerse myself in security in order to produce a pretty secure but flexible template from which i can build future solutions using specific rules that will leave my solutions as secure as possible.

I have listened to lots of advice and read many articals and papers and am kind of happy that i have now gotten to grips with the right way of approaching this topic (but not stupid enough to think i know everything).

I am now at a stage where the security required to secure my file does not allow me to give my clients the functionallity that they demand.

So I am back to a trade off or am I ?

Before moving on to the "or am I" i need to ask the main questions:

Q) What am i trying to protect and from who?

A) This answer is split up into many parts and the importance of these parts depends on who you are.

1. The Developer - As a developer i would like to be able to distribute my software without:

a) The solution being hacked or cracked

:) The number of seats being modified without permission

c) The Solution being illegally distributed

d) Having to modify/customize layouts myself

e) Having to modify user accounts and privileges myself

f) Allow my user to add seats when they purchase them (automated if at all possible)

2. The User Level Administrator - As a User Level Administrator the following conditions need to be met.

a) I can create and modify

a) I can set and customize read/write permissions on Tables according to the users level of access (job title) or needs (these are changable as roles change).

:) I can restrict or permit the export of data

c) I can restrict deletion or creation of records

3. The User

a) I can restict or permit access to specific records for users with lower levels of access to me.

4. Financial Controller (optional)

a) Grant read/write/create/delete permissions to users for access of files that contain sensitive financial data (this has to be above that of the administrator as it is never the case that an administrator has high enough level access to view or grant permission to sensitive company info such as Turnover, Account Balances, Salaries and Bonuses or set Budgets to name a few. These permissions must be flexible and fine tunable sometimes on a day to day and record by record basis. It is stupid to think my Financial Controller will ever do the work of the systems administrator.

Can i achieve all of these things without making my file structure open to abuse?

What can i acheve with FileMakers "Accounts & Privileges" (and is the use of extended privileges the way forward ... as i now think it is, or am i heading for a fall here too)

My solution will at this stage be built for Server Side Authentication. (This although removing my need to create scripts for creating or editing user accounts seems to leave my solution very vulnerable to theft)

I am going to write my own list as i understand it but it would be good to get the perspective of others.

Any thoughts or additions/subtractions?

Posted

This is pretty large topic and I have same questions...

First you can choose between FM runtime solution or FM native solution. Each one of them has some pros and cons...

a) The solution being hacked or cracked

I think that FM created great security system - more about that knows Steven H. Blackwell

:) The number of seats being modified without permission

I don't really understand what you mean but maybe is answer under f)

c) The Solution being illegally distributed

I use Get ( SystemNICAddress ) to read Network card number. There are also plug-ins which can read disk number or something else that you can use to check if user has copied solution to other system

d) Having to modify/customize layouts myself

In runtime you can't modify layouts and database. Otherwise it is done with account&privileges to restrict access only for developer.

e) Having to modify user accounts and privileges myself

You can create effective user friendly account&privileges system in FM

f) Allow my user to add seats when they purchase them (automated if at all possible)

There is function User Count that counts how many users are connected and you can use it to limit number of seats in solution.

I hope that this are some starting points for you...

I would also like to hear from others how they manage to increase security and distribute their solutions and updates.

Posted

Unfortunately, I do not have time today extensively to comment on this topic nor to give this thread the attention it deserves. But I will have more to say later.

For now, start at the beginning. It's what you want to protect that you must first identify. The whole idea is to assure the Confidentiality, Integrity, and Availability of digital assets, as well as to protect intellectual property. That's your starting point.

Steven

Posted

Hi Guys,

Thanks for your replys.

Steven, I think i have got to grips with the best way of approaching the core security issues.

I suppose i have just got to the stage where i can see no alternative but to add some Eratz type structure in order to create the functionality that my clients demand.

This is what i was trying to avoid... Although with restrictive permissions and the correct file structure i am beginning to think that it may be possible to deploy certain methods built on top of the main filemaker security structure that could provide this kind of functionality without being too vulnerable.

Maybe i should post some examples.

best

Stuart

This topic is 6570 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.