User Account Management System

[performance1]

I'm new to this forum but hope someone can clarify something that I am working on. I recently found a solution in Advisor magazine from 2006 for a security system. I put it together and read over ever detail but found it omitted some information to complete it. It is made with local scripts for each file and controlled by scripts in the Main FIle. It is a 3 part series. Normally there is a file download but not in this case so I can't trace down the problem. Is anyone familiar with this system? The system uses Table Occurrences in each file based on the main file fields. I am having a hard time understanding how this works. I've deconstructed the system and understand everything but that. When I put it together it did not work. Has anyone got a completed sample that works? I called the pub and they couldn't help. I'm sure it is a minor issue that needs to be addressed.

[Steven H. Blackwell]

I [color:red]strongly recommend that you avoid using ersatz systems of this type. Almost always, they are profoundly insecure.

Instead, if you have multiple files and muiltiple accounts, use the external server authentication option that comes with FileMaker Server and FileMaker Pro.

Steven

[performance1]

You mentioned using an external server authentication. I like the idea since I'm using a dedicated G4 running Leopard which goes to sleep. I understand a remote user can wake the machine using that setting in FIlemaker which is not possible with the present Filemaker setting. Is there any documentation on how to set up the external server for this? Can it be done on the hosting machine?

[Stuart Taylor]

RE: ESA

If someone (lets say employee going to setup a rival company) steals a set of files (lets say backups) and sets up the same user group names on there own server, can they not get access to all of the data on every level without the need for knowing passwords?

best

Stuart

[Vaughan]

I'm using a dedicated G4 running Leopard which goes to sleep.

If you're using FileMaker Pro, I recommend NOT to allow the computer cpu to sleep. Screen sleep is Ok.

[Vaughan]

If someone (lets say employee going to setup a rival company) steals a set of files (lets say backups) and sets up the same user group names on there own server, can they not get access to all of the data on every level without the need for knowing passwords?

Yes... I think it's called spoofing.

However, once somebody has physical access to the files there are lots of ways they can crack into them. Spoofing the External Authentication is probably the *hardest* way to do it: a password cracker would be easier.

IIRC it's never been recommended to externally authenticate the Full Access account, probably for this very reason.

[Steven H. Blackwell]

What Vaughan said. And this is the reason we recommend never authenticating a Full Access account externally.

Steven

[MorFologist]

Hi Steven,

Do you think FM11 has improved the structure enough to not have to use ESA?

-Karen

[Steven H. Blackwell]

No, you should use External Server Authentication wherever possible. It's not a question of improving in FileMaker Pro 11.

External Server Authentication is the best way to manage multiple Accounts and Groups across multiple files.

See the Tech Brief on External Server Authentication.

Steven