Flaw Security in FM11 Accounts/Passwords Security?

[natursalus]

Hello,

I use FM 11 Pro Advance to develop FM-based databases.

One of my greatest concerns is how easily the Accounts / Passwords of FM-based databases can be unlocked with applications like: "FileMaker Password Recovery".

Here I am not talking about being an expert hacker and using aby "brute force" approach. Just get the application and you can unlock an Account/Password protected FM-based database.

Maybe I am missing something and there is a way to prevent the "FileMaker Password Recovery" application from figuring out Accounts, Passwords and enabling you to modify the passwords and have FULL access to an FM-based database.

If there is a way to assure that FM Accounts / Passwords do what they are supposed to do, I would appreciate some feedback from FMForums Security experts.

Thanks,

natursalus

[Steven H. Blackwell]

Use the Developer Tool in FIleMaker Pro Advanced to remove the [Full Access] Accounts. That will give you added protection. BTW, such programs do not extract passwords from FileMaker Pro files, inasmuch as there are no passwords stored in these files.

Steven

[natursalus]

Hello Steven,

Thank you for answering such a "scary" question. Not everybody is willing to talk about it.

Please, correct me if I am wrong, but

Use the Developer Tool in FIleMaker Pro Advanced to remove the [Full Access] Accounts. That will give you added protection.

This would be for creating a runtime solution out of a database, right?

But since runtimes have so many limitations, a runtime is not a valid option for my purposes.

So, what happens with just a database? Can I do the same for databases?

BTW, such programs do not extract passwords from FileMaker Pro files, inasmuch as there are no passwords stored in these files.

No clue about what these programs do, other than by passing FM account/password protection

From your answer and the suspicious silence gathered in other FM forums I am getting the following message: FM account/password security is an illusion!

Thanks,

natursalus

[IdealData]

Using the developer tools to remove [Full Access] does NOT generate a runtime - you must specifically select the create runtime option if you want to do that.

[natursalus]

Hello IdealData,

Using the developer tools to remove [Full Access] does NOT generate a runtime - you must specifically select the create runtime option if you want to do that.

Great, finally some good news!

Thank you for the tip.

natursalus

[Wim Decorte]

From your answer and the suspicious silence gathered in other FM forums I am getting the following message: FM account/password security is an illusion!

I think that's a false conclusion. Credentials security is just one aspect of security. The key however is that if people can get their hands on your physical files, there are tools that can strip out and replace existing pw. Those tools do not work on hosted files.

The same applies to other file formats like Access databases, Excel, Word, etc.

In the land of databases Access and FM are in a bit of a unique position vs say MySQL, SQL Server, and so on. For those other "hosted-only" databases it is typically much harder to get your hands on the databases themselves. Whereas for FM, if you distribute for non-hosted deployment then it is easier.

As was mentioned before, use the dev tools to strip out full access before you deploy. If you do deploy to a hosted environment, make sure to pay attention to access to the server OS, the backup locations, etc.

[natursalus]

Hello Wim,

Thank you for the distinction between hosted-only vs non_hosted databases and for pointing to the fact that Password recovery tools do not work on hosted database files.

natursalus

[comment]

As Wim hinted, the password breakers work by replacing a section of your file with their own version. This enables them to assign their own accounts/passwords to the existing privilege sets. AFAIK, they do not create new privilege sets or modify existing ones - that's why removing [Full Access] accounts "will give you added protection".

That's not to say that this is not a horrible flaw in security - esp. the security of your (or your users) data. You may notice that if you open your file in a text editor and change anything in it, Filemaker will detect the tampering and refuse to open the file. However, the hacking applications are able to bypass this anti-tampering device. I believe this is something FMI could have prevented rather easily - and hopefully will in the next file format change.

[natursalus]

Hello Comment,

Hopefully FMI will release FM 12 with improvements in so many areas, anytime soon before the "End of the World" as we know it

natursalus

[Steven H. Blackwell]

He who lives by the FIleMaker Crystal Ball soon learns to eat ground Case functions.

Steven

[natursalus]

Hello Steven,

You are quite right, but

No certainties with FileMaker, just "Case functions"

Happy new year 2012 to you and your family.

natursalus

[Buckie]

Thread resurrection.

Could someone elaborate on what tools exactly are involved in removing the Full Access accounts? And pardon my ignorance, but once those are removed, is there still any way to edit the database structure afterwards?

[comment]

what tools exactly are involved in removing the Full Access accounts?

FileMaker Pro Advanced.

once those are removed, is there still any way to edit the database structure afterwards?

No.

[Buckie]

So then it's just like I thought - provide a solution without any ability to do upgrades without re-importing data unless the data and the interface are separate.

[Lee Smith]

Your post seem to have a lot of negativism in them, Why is that?

[Buckie]

Lee, are you referring to my post? Is there really a lot? Never intended it to be that way, just trying to understand how it works.

[Lee Smith]

Hi Buckie,

Some of your post just read that way, perhaps it is a language barrier? As long as I know you're not being negative, I'll read posts in a different light.

Lee

[Buckie]

Well yes, as much as I'd hate to admit it, my native language is Russian. I gotta practice more!

[Steven H. Blackwell]

Please bear in mind that the developer tool that removes the [Full Access] accounts works on a copy of the file, not on the original.

Steven

[Buckie]

Could you tell me where exactly it has to be performed in FileMaker? The Manage/Security... dialog will always respond with "There are no active FileMaker accounts that use the Full Access privilege set. There must be one account like this. Create a new account or modify an existing account to use the Full Access privilege set."

[comment]

http://www.filemaker.com/11help/html/fmpa_tools.24.9.html#1028118

[Buckie]

Awesome, thanks!

[Vaughan]

FileMaker Pro Advanced: Tools menu, Developer Utilities... command.

In the Developer Utilities window, add the file to the list of Solution Files. Then under Solution Options click the Specify... button.

The file will need active accounts that are assigned to a privilege set other then Full Access. This is because the option will delete the Full Access privilege set and all associated accounts from the file.