Getting List of Account

[fmbug]

Hello everyone,

Unfortunately, I stuck with a problem, that I never thought before.

Actually I want to get a list of all the Account Name and Password that is created using File -> Manage -> Security.

I want it in a table called Users, as however it is possible.

please also let me know, it is possible or not. If possible please let me know the right steps so that I can achieve my tasks.

Thanks in advance

[fmbug]

Atleast please let me know, whether it is possible or not. Otherwise I will move to some another way.

[Ron Cates]

It's actually not possible by design. From a security stand point, the last thing you want to do is store your user names and passwords in a table and Filemaker purposely does not provide any kind of function or scripted access to them.

[fmbug]

Thanks Ron for your valuable response. But please suggest me, is it possible by another way.

[qube99]

You can't retrieve existing passwords. You can get the account names using Get(AccountName) and Get(UserName).

You could setup an account creation screen and store the passwords when an account is created from this screen. Then use security settings to make sure only approved people can see the account table. When you do this make sure you turn off the change password on first login function.

I use this screen to store logins for company email and phone accounts as well as the info for direct deposit paychecks and other highly private information.

[LaRetta]

You could setup an account creation screen and store the passwords when an account is created from this screen. Then use security settings to make sure only approved people can see the account table.

NO do not do this. Restricting a LAYOUT is not secure. Passwords should NOT be data in a table ... ever.

[Lee Smith]

:iagree:

[qube99]

Why would a table not be secure with privilege sets?

[comment]

There are several reasons why you don't want to store passwords in the file (or anywhere else, for that matter). I'll mention two:

1. If the physical security of the file is breached, then the data can be retrieved with relatively little effort. If the data contains passwords, then the file becomes completely open to the attacker - data and schema alike.

2. Not knowing the users passwords protects the admin. Anything done by an account MUST have been done by that account holder and no one else.

[qube99]

Some good points but I'd like to expound on one point a bit.

Even if passwords are totally secure I've had problems with people writing them on a sticky. Leaving a workstation without logging off is a problem.

I suppose there is no real reason to know passwords. A user can't hide anything from admin anyway. Some clients just don't like the idea that employees have a secret, such as a password. I guess one way to approach it is to educate the client on the various security issues and let them know storing passwords is useless.

I mentioned that because I recently had a client that insisted on it so I used a secure table that only he could see. End result is a happy client that paid his bill.

Until we get biometric security passwords will always pose security problems.

We have a similar security problem in ecommerce where I've had clients that want to store card info. My approach to this is to advise against it in the strongest possible terms in writing and even cancel our involvement if necessary. If there's a breach they will always blame the developer. Remember TJ Maxx?

[LaRetta]

You do not need to store passwords in a file to allow managers to see data created by other Users; that is what privileges are for. There would be no need for a Manager to log in as a staff.

[fmbug]

non of the answer / discussion is perfect, which I should use. Please tell me it is possible or not.

[IdealData]

All the options have already been presented - make your choice.

[doughemi]

I want to get a list of all the Account Name and Password that is created using File -> Manage -> Security.

I want it in a table called Users, as however it is possible.

Folks here have offered excellent reasons why not to do this. I think the relevant question here is why do you think that this is necessary?

Once we know the reason for the question, we can suggest more specific alternative options.

[fmbug]

Doughemi,

I want to do the same because, I just want to Export the User Account details to an Excel file.

[LaRetta]

What Account details do you want to export? There is nothing wrong with storing the Account Name in the staff record; in fact that is how I load StaffID to global variable to use throughout the User session. It is pointless, dangerous, and very difficult to get the password. Account can be exported with staff name. But even the Account is worthless externally. Your boss simply needs to be told that s/he can get to ANYTHING the employes can see and do because of THEIR special privileges and that the passwords simply holds staff accountable for their actions so that nothing is hidden from the boss. You DO have it so boss can go into that employees special layouts, right? If boss is stopped that could explain their insistence and fear that things can be hidden. Boss should not be full access but they need more freedoms in this regard. :-)