13 Replies Latest reply on Aug 1, 2011 10:06 AM by philmodjunk

    IP Address

    GeorgeMoore

      Title

      IP Address

      Post

      Hello, I am about to try out FMPA when people talk of securing filemaker  pro by ip address. Are you talking about the ip address of the machine itself or the ip address given to the machine by the router / hub? Regards George

        • 1. Re: IP Address
          GeorgeMoore

          Sorry may I expand on this query.

          I am building a filemaker database, and we have 2 locations (offices) and i want to make sure that only one office machine can link into the other office machine and make changes to the database.

          I am thinking of getting a BT Secure Services managed system (UK) to make sure only that computer can connect over a BT VPN.

          Or can I drill down in Filemaker Pro Advanced and use MAC filtering as well. It will be extremly important that we have very secure connections as we are an alarm systems company and the data that we hold needs to be updated via our engineer(s) daily.

          Advice and Guidance would be welcome...George

          • 2. Re: IP Address
            philmodjunk

            If you elect to use a FileMaker script (does not require advanced), you could use Get ( SystemNICAddress ) to identify the hardware of the specific machine linking to your database as the client. Make this test in a script that is set in File Options to run when the file is opened and your script can log pertinant info about the computer, username and account name being used to attempt access before using Quit Application to kick them back out. (Allow user abort can be used to keep them from aborting this script during start up.)

            • 3. Re: IP Address
              GeorgeMoore

              Hi Phil

              Because what you are saying is a bit over my head with scripting at the moment I used copy and paste the "Get ( SystemNICAddress ) " into google and there seems to be a discussion going on about this very topic the link is http://fmforums.com/forum/topic/79031-defeating-getsystemnicaddress/

              It is a shame that Filemaker cannot just add an extra facility of MAC filtering.

              I will come back to your guidance and advice when i know more about writing a script....many thanks George

              George

              • 4. Re: IP Address
                philmodjunk

                I think you'll need to acquire a basic knowledge of scripting if you are serious about creating your own database here.

                The link you shared connects to a very good discussion of the issue with some major industry experts weighing in on the subject. A lot depends on  how much "security" you really need in this area. The key detail I parsed out of this is that VM ware can be used to "spoof" an NIC address so it is at least theoretically possible to get around this security measure--but you'd have to know that NIC address before such "spoofing" would accomplish anything.

                How likely/easy it might be for someone to get account name, password, and NIC address in order to gain unauthorized access to your file is a call you'll have to make. To me, it doesn't seem very likely when you include it as part of your overall "layered defenses" that you'll want to put in place for such a system.

                • 5. Re: IP Address
                  GeorgeMoore

                  Hi Phil

                  Have i by accident found a solution.... the link below is talking about setting up a table of MAC address filtering that the Filemaker database will allow. Where I think that in this case I obtain the MAC address of all the computers that I want to allow and enter them into a table and then use the script in the article below.

                  How do I prevent a solution from being installed on more then one Ipad.

                  If anyone can provide a confirmation (someone more expereinced than myself) of this it may worth reposting this answer as A lot of people have been talking around this idea but with Instant Web Publising (perhaps instead of using a server)

                  George.

                  • 6. Re: IP Address
                    philmodjunk

                    That's exactly the post I was remembering when I responded to your post. Not having tried it for myself, I waited to see if someone who had would respond first. (That thread may be found in the FM Go section of this forum and is the context behind its question.)

                    • 7. Re: IP Address
                      GeorgeMoore
                      Hi I am just wondering with being in the UK and using a BT Business Hub..... This link provides info on how to manage a lIst of devices connecting to my network http://btbusiness.custhelp.com/app/answers/detail/a_id/13475/~/how-do-i-set-up-mac-address-filtering%3F Do ,you think this may be easier to acheive until I know how tomset up the scripts as outlined in the above discussion. George
                      • 8. Re: IP Address
                        philmodjunk

                        I don't know enough to offer an opinion on what will be easier for you. That's very much something determined by what skills and experience you already have and in what areas. You'll have to decide that for yourself.

                        If I were you, even if I decide not to use this scripted security enhancement, I would not embark on this project until I understood and had a basic competency with FileMaker scripts. It's just way too valuable a tool to use in producing a solution that works for you not to learn how to use it.

                        • 9. Re: IP Address
                          GeorgeMoore
                          What'd you mean by a valuable tool. Do you mean other people could use it? If it works.
                          • 10. Re: IP Address
                            rjlevesque

                            @Phil's last post - Extremely well said! Smile

                            • 11. Re: IP Address
                              philmodjunk

                              A tool for creating a database that does all you want in a way that works well for all users. Not using scripting in the design of a FileMaker database is like pedaling a bike with only one bike pedal.

                              • 12. Re: IP Address
                                GeorgeMoore
                                Hi...  I have been looking through some google results for filtering ip and mac address for people who are using FMPA with the idea of .... Securing web access to FMP IWP web files. 1. The script below is suppose to find the computers identiy of the visiting computer. Script link http://forums.techarena.in/software-development/1179119.htm 2. Can anyone now use the above script to compare the findings e.g. The results of the browser test above with a table of approved computers with ip and mac addresses? In other words create a script that after checking the machine ip and mac address will test or check a list in a table of approved ip and mac addreeses and if there is a match then that persons computer will be allowed through to log onto the FMP IWP files.
                                • 13. Re: IP Address
                                  philmodjunk

                                  Depends on what you mean by "anyone".

                                  PHP is a tool you can use to design a web page so that it can access a FileMaker database only if you configure Filemaker to publish the database to the web with custom web publishing. Your initial post described a very limited access configuration that does not require publishing FileMaker to the web at all.