Jump to content

Managing accounts in data separation model - what happens when I upgrade?

mike_eddie

By mike_eddie
in Security Concepts

 Share

This topic is 3347 days old. Please don't post here. Open a new topic instead.

Recommended Posts

mike_eddie Apprentice

mike_eddie

Posted
Posted

Hi there,

 

Currently I have a FM solution which has a database and an interface file, both with identical user accounts. On login, the license key which is stored in the interface file is checked against the company server to see if it is valid, and in date. It does this by comparing persistent id, a license key which is generated by filemaker using UUID, an organisation name, and expiry date.

 

Ive realised that I may need to update the interface file, database file, or both at various points in the coming months. As I update, how do I keep the current user accounts, and not force the users to reset passwords etc. The client currently does not have any form of external authentication setup.

 

Ive sketched out a model which I think may work, can anyone spot any problems. Ive extracted out the license key to a separate file which will live on each clients computer. That way if the interface file is updated then the license won't have to be re entered. 

 

Could i also extract out the accounts into an accounts file, and use this to add/delete/modify filemaker user accounts?

 

What security accounts/login details would I need to use for the license file, and accounts file?

 

I hope the diagram below will make my mental model a little clearer?

 

Screen%20Shot%202015-02-19%20at%2010.49.

 

BW,

 

Mike

 

 

Link to comment
Share on other sites
Steven H. Blackwell Grand Master

Steven H. Blackwell

Posted
Posted

  1. The best way to deal with the Accounts issue is to have the authentication occur on the server.  That can be the FIleMaker Server or a Domain Controller if the customer has one.

     

  2. The "license" is very problematic.  It is very likely easily defeated unless you have taken some extensive steps to enforce it.  For example, you noted, "On login, the license key which is stored in the interface file is checked against the company server to see if it is valid, "  If I were the Attacker, how would I go about bypassing this, turning it off, ignoring it, etc.

     

  3. You might want to wade through this thread from a year or so ago. http://fmforums.com/forum/topic/90015-is-securing-a-stand-alone-fmp12-solution-really-that-hard/

 

Steven

Link to comment
Share on other sites
Wim Decorte Grand Master

Wim Decorte

Posted
Posted

Under the data separation model there is no need to have the interface on the client's computer.  It can be hosted on the server.  And that would open up the possibility of using external authentication against local accounts and groups on the FMS box.  That would solve your update issue because you would not have to touch accounts.

Link to comment
Share on other sites

This topic is 3347 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept