Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 5689 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted

Hi Guys,

I've been following this thread with interest and have a question.

With FMP9A you can remove the full access account and it's my understanding once that's done no one can hack your solution. Is this correct?

If that is correct and you've built a custom solution for a customer. What's wrong with providing that customer with the solution with "full access removed" and then when you update the solution or make changes, again provide it "full access removed" and import from the old solution into the new?

Wouldn't that stop someone from hacking your solution as far as access to calculation, scripts etc?

Milo

Posted

With FMP9A you can remove the full access account and it's my understanding once that's done no one can hack your solution.

This has been available from at least FMP7 Developer.

Wouldn't that stop someone from hacking your solution as far as access to calculation, scripts etc?

Yes, provided none of the privilege sets that you leave in the files have access to these things.

Posted

Hi Genx,

I have a solution where I would need to provide several different custom re-logins (dependent on where in the DB the user is). I have looked at the example in this thread for this reason, but am unable to find out how you generated the custom login at all. And I am unable to crack it.

Can you help me and provide an open example of just the custom login?

Best wishes,

Berny

Posted

Berny, please read a few back. Genx said it is a futile attempt. No matter what you do with a custom login screen, it will open you up to headaches. I have tried as well, and would love a secure option to do this, but it is not available. It WILL be hacked if you do. I may be wrong at this point, been known to be wrong from time to time, (just ask the wife... :) ) but if it is possible to achieve a custom login screen and have it secure, Genx and Ann will be the ones to do it...

  • 5 months later...
Posted

Lol, surely the number of hits on this topic should tell FM something. Of all the open source solutions ever posted this one has the most hits and it doesn't even work hehehe.

  • 6 months later...
Posted

No matter what you do with a custom login screen, it will open you up to headaches. I have tried as well, and would love a secure option to do this, but it is not available. It WILL be hacked if you do. I may be wrong at this point, been known to be wrong from time to time, (just ask the wife... : ) but if it is possible to achieve a custom login screen and have it secure, Genx and Ann will be the ones to do it...

I thought I would bring this back up again.

You have all talked about cracking a file that you have direct access to. Unless I am wrong, almost any file can be hacked some way if you have direct access to a file...Even through FM's native login. As Ann had shown, with the use of passware.

What about files you don't have access to...sitting on a server. The biggest part of security isn't just the file's security, but the access to the file. Network security is much more reliable than file security.

In a situation like that, how easy is it to break into? Here is a file I haven't seen anyone get into yet. (Note: again not talking about having direct access to the file, because of course then there is a way.) This file is from a well known developer.

Can you crack into it when you don't have direct access to the file?

SecureLogin.zip

Posted (edited)

You mind telling me how?

Hi Genx

jmormond's file is more simple to crack that your

file.

And the best part is...it's not even my file!!! :girlgiggle:

Some don't agree with me when I tell them that these custom logins don't offer enough security to be useful.

I am trying give them the proof they need.

Edited by Guest
Posted

I PT who it was.

I kinda semi-challenged his idea on accident. He would probably like to know how it was done. He posted that file on another forum for "analysis".

Posted

He would probably like to know how it was done.

He made a mistake, He has left the "secret layout" available to "default account"

He posted that file on another forum for "analysis".

It is not necessary, in this forum there are many developers that can crack "his" file.

Ann

  • 2 months later...
Posted

Hmmm... Ok.. How about this idea. Is there a way to have an app that will ask for a login name and password, then record the time and date the user logged in, keeping in mind that security is really not an issue, per say, but the permissions for all users are the same?

IE: User opens up app and the screen pops up asking for a user name and password. If fails, closes app. If passes, opens up the screen. Also users are added easily and all be done from the runtime?

Posted

Okay given that I started this tread, adding my 2c from two years later...

WHY!?!?!

Just use the standard login prompt. I've seen some systems that are very painful to look at since this thread started, and the truth is users DON'T really care... at all... seriously. A good login screen would be awesome, but if you need to go through a whole bunch of convoluted steps to achieve it and compromise security along the way there's no real point.

If you want a custom login screen and anything else that is out of FileMaker's reach, swap to a programming language that gives you the flexibility to integrate one. Otherwise just give up on it until FM integrate it [which I've resolved deep in my soul that they probably won't].

Posted

Hmmm... Ok.. How about this idea. Is there a way to have an app that will ask for a login name and password, then record the time and date the user logged in, keeping in mind that security is really not an issue, per say, but the permissions for all users are the same?

IE: User opens up app and the screen pops up asking for a user name and password. If fails, closes app. If passes, opens up the screen. Also users are added easily and all be done from the runtime?

now, there is not a usefull way!

I hope 11...12...13..

Ann

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.