10 Replies Latest reply on Sep 21, 2011 2:02 PM by disabled_JackRodgers

    Recording a Full Access login secretly

      I would like to record a full access login without this action being discoverable by the loginee. Since the login would make all scripts and tables instantly accessible and modifiable I find this an interesting problem.

      The login notification needs to work under two conditions:

      On the assigned server.
      On any copy anywhere.

      The first condition is easy, the second not so easy and maybe impossible although I do have ideas for dealing with it.

      Sending an email is the most reliable on a server since full access will allow altering records but a transmitted email cannot. On a copy on a different computer this would fail.

      Any ideas or suggestions? Thanks.

       

      www.gofm.biz

       

        • 1. Re: Recording a Full Access login secretly
          philmodjunk

          I can think of ways to hide this and make it difficult to notice, but not fully hidden from the user with full access privileges. It's kinda like asking God to cover his ears so he can't hear what he is saying...

          • 2. Re: Recording a Full Access login secretly

            This only has to work when the file is open. After that the notification has been posted. The idea is to record the opening of the file immediately. After the intruder begins wandering through everything, it's too late. Think of cutting the alarm after it's started ringing.

            Of course no internet access short circuits that so my second idea will come into play.

            • 3. Re: Recording a Full Access login secretly
              philmodjunk

              Just brainstorming here...

              It's certainly possible to log all access dates and times in a table via an "onOpen" script. If the user uses FileMaker Advanced and the script debugger to halt the script when they open the file, they can short circuit that, but they'd need to know to do that before they could stop it from happening. You can make this a bit more "hard to notice" if you name the table deceptively. The table can use auto-enter options to log the user name, account name, and timestamp so there need not be an explicit Set Field step in the opener script to give this away. In files with a number of other external data source references, you might even hide this table in a separate file. With a number of external references, this extra one might be lost in the crowd, but would stand out kinda obvious if it was the only such reference. Wonder what it would take to make that extra file invisible on each OS where you might want to try this...

              • 4. Re: Recording a Full Access login secretly

                I've already considered most of those ideas and found a few ways to short-time some actions so that the esc key won't stop them.

                Of course a real spy would know how to use one of those step by step applications so that each line of at the low level is run only by button click. I was fascinated when I first saw someone do that with 4th Dimension. So even my best idea here has a problem.

                So, wisely the grasshopper decided that doing what you can is better than worrying about what you can't do anything about...I move on and just do what I can.

                OK, as in all things with security you just make it harder for the honest folks or for the less knowledgeable not so honest folks.

                Now, how do I, upon recognizing an intruder/breacher, send a signal to the processor to melt down? Or upon noticing FileMaker Advanced do the same?

                • 5. Re: Recording a Full Access login secretly
                  philmodjunk

                  Psychic Depth Charges?

                  I suppose you could trigger a script that randomizes key data in the tables, but don't think I'd even recommend that option. Seems more important to keep the uninvited out in the first place rather than try to sabotage them after they do. Such sabotage ideas may be emotionally satisfying, but can produce some real headaches if a legitimate user finds a way to trigger it by mistake.

                  You did know that you can use Advanced to strip out the admin account, producing a copy that no one can gain administrator access to?

                  • 6. Re: Recording a Full Access login secretly

                    Why yes, I have knowledge of doing just that. I removed Full Access for a run time demo that is time delimited then lost the original and well, it's a big beautiful file filled with data that few will ever see...

                    • 7. Re: Recording a Full Access login secretly
                      philmodjunk

                      Which is one more argument for keeping numerous sequential backups of each file created and stored in more than one physical location...

                      • 8. Re: Recording a Full Access login secretly
                        Sorbsbuster

                        "Psychic Depth Charges?" - I have some of those.  They sit in my engineer's toolbox, right beside the Putting-On Tool.  Just below the Sky Hook, that lifts anything, anywhere.  On top of the tins of tartan paint.

                        Ah, my apprenticeship: "Oh, happy days of humiliation..."

                        • 9. Re: Recording a Full Access login secretly
                          philmodjunk

                          Buckets of "Beano" and left-handed screwdrivers are also useful. ;)

                          • 10. Re: Recording a Full Access login secretly

                            Just to redeem this thread I thought I would add this little tidbit:

                            "System IP Address: " & Get(SystemIPAddress) & ¶ &
                            "Host IP Address: " & Get(HostIPAddress)

                            Is interesting to have in a dialog. It can also be copied into the body of an email message but it looks just like it does here.

                            If a FileMaker field is used for the body and in the email dialog one selects that field with this:

                            evaluate(thefilemakerfield) then the two lines above will show the actual addresses and not get(stuff).

                            I find this useful for emailing myself my current connect information whenever I wander out into the world...