10 Replies Latest reply on Apr 11, 2015 7:11 PM by GaoshengHuang

    security script

    GaoshengHuang

      Title

      security script

      Post

      Hi, 

      I completed a project for a friend. To both protect the information for my friend and to prevent unauthorized use my solution, I came up with scripts that try to prevent the solution from being installed on another computer or being used after a certain time. Please see attached scripts. I retrieved the NIC number and host name first. 

      But it doesn't work and I cannot figure it out. Could somebody help? 

      Thanks! 

      script.PNG

        • 1. Re: security script
          SteveMartino

          Can you describe what 'doesn't work' means?  Did you run it thru the script debugger to see what branches it takes?

          Just wondering:

          Does "[Full Access]" need to be in quotes?

          • 2. Re: security script
            philmodjunk

            Yes, exactly how it fails is very useful info. Did you consider using the get ( PersistentID ) function? (NIC refers to your network interface card. In theory, your system would stop allowing access if the user changed out this card.)

            • 3. Re: security script
              GaoshengHuang

              I don't see get(PersistentID) function on Filemaker 11. Is that a new function for version 13? It seems I have no problem getting NIC card.

              • 4. Re: security script
                GaoshengHuang

                I am sorry I should have included that information: it seems weird. I did use the quote for Full Access. I first tested it on my own computer and it seemed to be working fine. I first used the get functions to obtain the NIC IDs and hosts Then I intentionally changed some characters. So I was able to log in as the super super and other privileges could not. That's great. Then I moved it to another computer, refreshed the NIC IDs and host names still using the get functions (I used a Set Field script). Then all users are supposed to be able to log in but still only the super user could log in. So I had to disable this feature so that all users are able to log in.

                • 5. Re: security script
                  philmodjunk

                  If you do not have FileMaker Advanced's script debugger available (you can enable this feature, then open the file with a limited access password and still watch the script in the debugger. The debugger will ask you for the full password, but the file will open with the limited access credentials so that you can see what happens.)

                  Insert a different show custom dialog step into each of your If blocks so you can tell which one is responsible for denying access. You can then take a closer look at that part of your script and the data that it is checking to see what might be the cause of your trouble.

                  Also, make sure that your script is running on the correct layout and that your found set includes at least one record.

                  • 6. Re: security script
                    GaoshengHuang

                    Thanks for your response, Phil! 

                    I do have FM Advanced and tried script debugger. It showed 0 errors. Then I put a show custom dialog for each of the control and then the dialog showed for the first control - system NIC address issue. But the NIC address is the same as what I get using the Get(SystemNICAddress) function. I even created a test field: Exact ( Super User::SystemNIC; Get ( SystemNICAddress )), and showed 1. Then all users should be able to sign in but still only the super user with Full Access privilege can. 

                    But I noticed one thing: if I use Re-login after I log in as super user, then I can log in as any other user. What light can this shed? 

                    Thanks!

                    • 7. Re: security script
                      philmodjunk

                      In the script shown, there is no step selecting a particular layout or making sure that there is a record in that layout's found set.

                      I suggest using the debugger to step through the script with the user's password not full access and watch to see what record is current on what layout at the time the script denies access. My previous post described how to enable the debugger before opening this file and how to open it with the restricted password.

                      • 8. Re: security script
                        GaoshengHuang

                        I added go to layout (super user) but it still doesn't work. The thing is: if I use re-login, it does work. So I guess not navigating to the layout is not an issue. 

                        When running debugger and data view, I found one thing: the expression for watch - Exact ( Super User::SystemNIC; Get ( SystemNICAddress )) - is 0. But when I created TestNICAddress as a calculation field: Exact ( Super User::SystemNIC; Get ( SystemNICAddress )), the result is 1. 

                        • 9. Re: security script
                          philmodjunk

                          My guess is that by the time you do the re-login, your context has changed. To Repeat:

                          In the script shown, there is no step selecting a particular layout or making sure that there is a record in that layout's found set.

                          To me, it sounds like the record that stores your data that you want to compare to the get function results is not accessible at the time the script is performed. A difference in context could also easily explain why your calculation field and script step with the same expression do not produce the same result. (your calculation field specifies a "context" in the drop down menu at the top of specify calculation that may be completely different from the "context" established by your layout and current record when the script step executes.)

                          But what you need to check when stepping through the script and reach the if step that is incorrectly denying access is:

                          What layout are you on?

                          What record, if any is current? Is the data in your fields accessible at that moment from that layout and record?

                          What access permissions are in place at that time? (Is the script set to "run with full access permissions" or might some non full access privilege set be in place that does not allow access to the fields that store this data?)

                          • 10. Re: security script
                            GaoshengHuang

                            Phil,

                            Your reasoning makes perfect sense! I added a Go to Layout script, then added Go to Record/Request/Page[First] step (since  there is only one record), and it works now! 

                            You are an incredible asset to this forum! I really appreciate your help!