February 19, 2015

Hi there,

Currently I have a FM solution which has a database and an interface file, both with identical user accounts. On login, the license key which is stored in the interface file is checked against the company server to see if it is valid, and in date. It does this by comparing persistent id, a license key which is generated by FileMaker using UUID, an organisation name, and expiry date.

I've realised that I may need to update the interface file, database file, or both at various points in the coming months. As I update, how do I keep the current user accounts, and not force the users to reset passwords etc.? The client currently does not have any form of external authentication set up.

I've sketched out a model which I think may work; can anyone spot any problems? I've extracted out the license key to a separate file which will live on each client's computer. That way if the interface file is updated then the license won't have to be re-entered.

Could I also extract out the accounts into an accounts file, and use this to add/delete/modify FileMaker user accounts? What security accounts/login details would I need to use for the license file, and accounts file?

I hope the diagram below will make my mental model a little clearer?

BW, Mike

February 19, 2015

The best way to deal with the Accounts issue is to have the authentication occur on the server. That can be the FileMaker Server or a Domain Controller if the customer has one.

The "license" is very problematic. It is very likely easily defeated unless you have taken some extensive steps to enforce it. For example, you noted, "On login, the license key which is stored in the interface file is checked against the company server to see if it is valid," If I were the Attacker, how would I go about bypassing this, turning it off, ignoring it, etc.?

You might want to wade through this thread from a year or so ago: http://fmforums.com/forum/topic/90015-is-securing-a-stand-alone-fmp12-solution-really-that-hard/

Steven

February 19, 2015

Under the data separation model there is no need to have the interface on the client's computer. It can be hosted on the server. And that would open up the possibility of using external authentication against local accounts and groups on the FMS box. That would solve your update issue because you would not have to touch accounts.