External file access of secured database

[Will Loving]

I am aware of the Security feature added in FM 11 to restrict external File Access in the security settings, but I was recently stunned to discover if this feature is not set, a user can create a new blank database file, and then reference a password and privilege set protected file file without ever having to enter a username/password for that file.

 

I always assumed that in such a circumstance a user would be denied access unless they entered a valid user account for the file that they were attempting to access. On the contrary, I was able to import tables, scripts and data into my blank file, as well as directly manipulate data in the accessed file, without any apparent restriction. I still have a number of clients that are using a mix of FM 10 and 11 and so cannot use the FM 11 and up File Access restriction at this time. Are there ways to block this kind of external file access in FM 10?

[Steven H. Blackwell]

This sounds as if the file was already opened or had an auto-enter Account in it.

 

The purpose of File Access Protection is to prevent a person who already has access to the file at a subordinate level or who gains access to that file from manipulating the file, extracting contents, etc.

 

This document may prove useful:

 

http://www.fmpug.com/resources/security_schema_changes_filemaker_11

 

Steven