Jump to content
Sign in to follow this  
HarrisonM

Log in and Log out

Recommended Posts

In my Filemaker solution, I have 2 types of users. Students and Teachers. I have made a login script that checks a users table for the username and password. The plan was to record in the users table, an admin approved name for a privilege set: Students get "Read only access" and Teachers get "Data Entry Access"

My questions are:

In order for a user to login as a "Student", Should I

1. Manually create a filemaker account called "Student" with [Read-only-Access] and then using the script step "Re-login" using the account "Student" ?

OR

2. If the username and password matches, create an account using the script step "Add Account" using the username and password and assign a predefined privilege set - "Student" with [Read-only-Access].

Correct me If I am wrong, For me it seems if I follow option 2, I can implement a log-out script by using the "Delete Account" script step and going to a "Logged out" layout.

If Step 2 is the way to go, whats the purpose of a "Re-Login" script step. And how does one implement a log-out after Login in with a "Re-Login" script step?

Share this post


Link to post
Share on other sites

Got it figured with some trial and error.

Mods may save space by deleting the original post.

Cheers

Share this post


Link to post
Share on other sites

You may want to rethink this entire process. It is insecure and hackers may be able to manipulate it easily.

Steven

Share this post


Link to post
Share on other sites

Thank for the help really.

The suggestion would have been useful for us "non-experts in filemaker" if you could explain the "insecurity" in the process.

So.. does it mean that restricting access with filemaker privileges is not good enough to deter hackers ? A similar database solution made in MS-SQL in the university has the admin able to upgrade or downgrade user privileges this way. Why would a similar process in filemaker be insecure?

Luckily, My humble solution runs on our local computer and is used to log in students into a CBT solution so we can track their performance during the session. Do you mean that if we ever commercialize the solution, we have to hacker proof it on say MS-SQL or Oracle?

Cheers

Share this post


Link to post
Share on other sites

If you have stored a password in a file as a data element, very likely it can be extracted. Take a look at this article:

http://www.fmpug.com/resources/security_schema_changes_filemaker_11

for some suggestions on really locking down and protecting your file.

As a general rule, the closer you stick to the basic FileMaker security schema, the better off you will be. When you start trying to modify or alter that, you begin rapidly to open vulnerabilities.

Steven

Share this post


Link to post
Share on other sites

It worked for me?

Share this post


Link to post
Share on other sites

It worked for me?

Not sure how that will help me if it worked for you?

Anyway, here is screen capture of the error it shows upon submitting the form to proceed to download.

Tested on Firefox 14, Chrome. Chrome just reloads the page, firefox shows the error. :hmm:

post-106903-0-42559500-1344171149_thumb.

Share this post


Link to post
Share on other sites

I get the error as well. Is FMPug sign-in required?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

By using this site, you agree to our Terms of Use.