Log in procedure

[Stuart Taylor]

I am setting up a file an considering deploying external server authentication for the first time as it seems to be the suggested method for management and security.

I have a few questions.

1. If my user is logged on to there desktop and open my solution do they get challenged for there credentials again or does filemaker server automatically use the credentials of the logged on desktop?

This would concern me if someone leaves there desk and an unauthorised member of staff opens the database.

2. I would like to log user preferences ... would i have to use the AccountName as the ID for the preferences?

Note: The preferences will not store secure information only window positioning, navigation etc...

best

Stuart

[Steven H. Blackwell]

Yes to #1. That's the whole purpose. To prevent unattended access there areany number of thigns you can do, starting with locking the workstation at the OS level after so many minutesof inactivity.

Regarding # 2, the Get(AccountName) function will return the actual user Account name.

Check out the Tech Brief on External Server Authentication where all these and other issues are covered:

http://www.filemaker.com/support/upgrade/techbriefs.html

Steven

[Stuart Taylor]

Hi Steven,

Many thanks for the clarification.

I suppose my concern is that in the work place (or the work places i have worked in) a person with high level access (like a director) will often have an assistant.

It is common for that assistant to have access to their machine when the director is away travelling to check mail. This will often result in others sitting at that machine and in the past the solution would have different credentials to the machine so any attempt to login would prompt a request for their own credentials.

Anyone logging in like this would have high level access to the database without any challenge.

It is also true that people float around the building and often need to use the closest machine to show clients information... they will use the nearest machine to them. They will undoubtedly stumble upon information not meant for them.

Bad habits are hard to kill when you have no influence over the administration of the network as a whole.

[Steven H. Blackwell]

Well there are ways that SSO can be disabled, but they are pretty draconian and defeat SSO's purpose.

As for the Assistant's checking the email, that's what autoforwards are for.

Steven

[Wim Decorte]

To amplify what Steven is saying: you can solve this kinds of procedural issues very easily on the domain/network level, but when they are not solved there you can't solve them on the FileMaker level.

When desktops are left unlocked, anyone can not only get into the FM files for that user but also their shares, their mailboxes,... so it should be locked ath the machine level.