Lock User after three failed login attempts

[djlane]

Hi,

My client is a Bank, and they have a standard policy that if a user / password fails three times, the user account must be locked. Also, every failed login attempt must be logged.

I know that with server, the failed logins are recorded in a log (along with a lot of other stuff...) but how do I lock out a user with three failed logins? I'm not using (read I have no idea how to use) external authorisation.

Is there a way to do this in Filemaker ?

thanks

Edited May 9, 2008 by Guest

[JerrySalem]

I bet you can do this with external authentication. But I needed to do something similar a while ago. And using just Filemaker, no it is not native.

I replicated this by using a 'roll your own' login.

When you start the system, you log in using a 'standard' login (like user/user)(set this in the file options).

In the startup script,

you are taken to a 'login' layout.

Start a Loop

request a login and password from the user and set a counter.

When they click a login button on the 'login layout' you pass the login/pw info provided using a Re-Login script step. and incrememt the your counter if you need to.

If the login is successfull, change to the main layout of the solution and halt the script.

If you try to login too many times, do an exit application script step.

Hope this helps.

jerry

[djlane]

Thanks Jerry, thats exactly what I have started doing, and I think it will work.

One thing - how to stop the user from simply signing in with his username without going through the new sign in process? I was thinking of having a "display" name that the user thinks is his actual FM account name (eg bob), but the sign in script adds a few extra characters that the user does not see. So bob's actual FM account might be bob123. He selects "bob" from a list, and the script signs him in as bob123 without him seeing that name.

[JerrySalem]

First make sure that the 'login using' is checked off in File Options. Also make sure the startup script is selected in the same dialog box.

If you are worried about unauthorized access, you can put a check for that in the startup script.

When that script starts you should be logged in as your 'default' user. If the current user login is not 'default' or YOU show a dialog box and exit out of the program.

This may be easier than managing 'hidden' account names.

Jerry

Thanks Jerry, thats exactly what I have started doing, and I think it will work.

One thing - how to stop the user from simply signing in with his username without going through the new sign in process? I was thinking of having a "display" name that the user thinks is his actual FM account name (eg bob), but the sign in script adds a few extra characters that the user does not see. So bob's actual FM account might be bob123. He selects "bob" from a list, and the script signs him in as bob123 without him seeing that name.