Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 5122 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted

I'm just starting - after many FM years - to have a need for some file security routines in one of my applications.

I've played a little bit with the security features and have some questions:

1.After one file is successfully opened via username/password, can another file with the same authorizations (account name/password/privileges) be opened without having to enter username/password for each such file? In the worst case, I experienced having to enter the username/password for every scripted import statement when restoring the tables from a backup. Unacceptable!!

2.MAC OS X has a keychain for 'remembering' passwords on the computer. Do Windows XP, Windows Vista, and/or Windows 7 have a comparable feature? Would like the user to have the option to bypass the username/password.

I'll leave it at these for now.

Posted

1. Yes, all files with the same Account/Password will open without another dialog.

2. I don't know, but I've never heard of a Windows "keychain" (exactly). You can set a file to open with a specified account/password, in the File Options (File menu). But that defeats the idea of Accounts.

Alternatively you can distribute an "opener" file to different people; also kind of defeats security as anyone who walks up to the machine can use the opener file.

On both platforms there is an alternate method, which is External Authentication; especially used on Windows. I don't know a whole lot about it. It would normally be used in larger multi-user in-house environments.

Posted

I use External Authentication (Windows AD) and it is an excellent method of securing your database.

Basically, Filemaker uses Windows security groups for authentication. So the user logs into their PC as they always to and they never have to log into Filemaker nor do you as an administrator have to create Filemaker accounts for them. All you do is place the users into the correct Active Directory security group and its done.

It is such a seamless experience for the user that most of mine think Filemaker has no security because they never login.

Posted

MAC OS X has a keychain for 'remembering' passwords on the computer. Do Windows XP, Windows Vista, and/or Windows 7 have a comparable feature

It's called Single Sign-on (SSO) and it's different from the MAC OS X Keychain because the password is not saved to the local machine.

You can get SSO working of the client and FA use PCs and FMS is set up for external authentication.

Posted

To my first question about getting a dialog box with each open,

1. Yes, all files with the same Account/Password will open without another dialog.

I've still got an issue with this. It seems to work if I DON'T have 'require full access privileges to reference this file' checked. But I don't want unauthorized folks to 'browse' through my file with the ability to import scripts/tables/etc., so I've checked file access 'require full access privileges to reference this file'. Then when I do 'save a copy' the copy should have the same accounts/privileges/passwords as the original file. But When I script an import to restore a table in the original file from the table in the copy file, I get the dialog box even when I've opened the original file in a 'full access' account. If I restore several tables, I get the dialog for each table.

What am I doing wrong? Or can't I secure the scripts/tables/etc. from being browsed and still open/reference other files with the same account/privileges structure without the dialog?

Posted

I got my answer elsewhere.

While you can open other files with the same account/password/privilege structure without the open dialog, you can not 'import' from such files without going through the open dialog.

To get around the import limitation, you first have to open that file. When that file is a copy of the first file, it gets a little tricky in setting up an additional account, possibly modifying opening scripts, and employing the re-login script step.

It wasn't trivial, but I got it done.

This topic is 5122 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.