8 Replies Latest reply on Apr 4, 2013 8:55 PM by symbister

    Relogin and security...

    symbister

      Title

      Relogin and security...

      Post

           Hi using FMP 11 on a served Mac OS network

           I was using Re-LogIn in my opening script to force users to login (some machines are shared by different staff) no matter what was in their keychain, but found that users could easily get around this by just cancelling out of the dialogue box and end up on their colleague's layout - what's the best way to ensure that users log in - and that they go to the correct layout relative to their level of access. (the latter is in the opening script, directing users to 'their' layout). I was considering setting up a user table to hold their name, layout etc. but haven't gone down that track yet.

           thx in advance

        • 1. Re: Relogin and security...
          JimMac

               You don't use Re-Login when using Security on a Server.

          Full Access account can change the File log in options.

               Under File | File Options...   menu 

               You will get a Options dialog.

               Select the Open/Close Button at top.

               Select Account Name and Password

               UnCheck  Log in Using:  Then make permanent by OK.

          Make sure you do this only after you have an Account set up with Full Access privileges.cool

          The only way to change that is with Full Access accounts.

               Each user who Open Remote... will be asked for his Name and password, independent of the other Client users.

               Jim..

                

                

                

          • 2. Re: Relogin and security...
            philmodjunk

                 Your script can use Get ( LastError ) to detect that the cancelled the Re-Login dialog and take appropriate action.

            • 3. Re: Relogin and security...
              symbister

                   Thanks Jim

                   But that doesn't force a login if the username and password are in the keychain.

                   Phil's suggestion sounds like more what I'm driving for - I tried Get(LastMessageChoice) out of the Login dialog, but I'll instead try Last Error - thanks

              • 4. Re: Relogin and security...
                symbister

                     mmm still doesn't force a login - script in screenshot..

                     if FMP is left open on a user's machine, another user comes along and opens the file, there is nothing to stop them hitting Cancel out of the Login, then Cancel again (or Continue) out of the "Relogin has been cancelled..." message box, and ending up exactly where you don't want them.

                      

                • 5. Re: Relogin and security...
                  JimMac

                       I have MacOS on shared computers.  It appears you have 3 ways to go.

                       1) Set up Keychain [speaking from minor experience here] just like FMP and not allow keychain Access to FMP as Admin of Keychain.

                       2) Set up FMP Server to time out a User and On Exit Script, Quit the FMP application or Re-Login into a Dummy account with about zero privilege.

                       3) Command and Control by Adding my screen shot to your Script.

                        

                       Allowing a shared computer with sensitive info to stay open and not Log Out from MacOS has some interesting security problems too.

                       BTW, I have done what you have thought about of User Name and Password Interception and stored that is an Restricted External FMP Personnel where I do a simple scramble on the Password so no quick peeks if the Admin is using it.  I got tired of the inevitable "I forgot my password" and i couldnt retrieve it from FMP

                       JIm...

                  • 6. Re: Relogin and security...
                    philmodjunk

                         Using Perform Script recursively like this is definitely a good way to go. Another option is to use Close File or Exit Application to close it all down and make the user start all over again. That can be a bit less friendly but saves you from the support call: "I can't quit the file and can't remember the password so I'm trapped." A middle ground approach is to count the number of tries in a global variable and close or quit after x number of tries.

                         After testing to make sure all works as needed, I'd also disable user aborts on this script.

                    • 7. Re: Relogin and security...
                      symbister

                           Thanks guys, will do some more tinkering

                      • 8. Re: Relogin and security...
                        symbister

                             Ok sorted thanks - but had to trap for Get(Last Error) = 1 or 212, as clicking OK in the login dialog box went straight into the file..