7 Replies Latest reply on Feb 5, 2010 8:16 AM by ninja

    User Password creation and reselling

    patinthehat

      Title

      User Password creation and reselling

      Post

      Hello,

      This is my first post on this forum, though I have been lurking for a while now.

      I am in the development of putting databases online for resell. I have my database almost ready to go, and am a bit confused. 

      I understand adding accounts with privilege sets, etc.  I have tested adding a few accounts with passwords, etc. 

       

      What is the process others have used for letting the end users create their own passwords? My end goal is for the user to access their password-protected database online (without me knowing their password).

      Is this a limitation of Filemaker?

       

      I am at square one and not sure where to start. I have a certain host who can do the Filemaker hosting of my type of database. 

      It would seem like others have gone down this road before.

      Thank you for your replies.

      Patrick 

       

        • 1. Re: User Password creation and reselling
          ninja
            

          Howdy Pat.

           

          I tought I'd respond in rhyming meter...{pat in the hat type style} but it would take too long to compose.

           

          If you set the account up to allow users to change their password,

          Give them a password and require them to change on the first login,

          you've got what you are asking for.

           

          Under File>Change Password, they can then change it as often as they like.

          You would only know their password until they logged on the first time and were forced to change it.

          After that, you would only see bullet markers when you went to snoop...even as the admin.

           

          Is that what you're after?

          • 2. Re: User Password creation and reselling
            patinthehat
              

            Hello Ninja, 

            I appreciate your reply.

            I did see that checkbox for allowing the user to change it on the first login. The hosting company I found hosts the database without the capacity to change the password. It merely hosts the database without the FM commands on the tool bar. It didn't bring up any dialog box either ( i saw that that was an incompatibility of FM to be able to have the password be changed upon the second opening.)

            Ideas?

            PatintheHat

            • 3. Re: User Password creation and reselling
              philmodjunk
                

              You can set up a "change password" screen to which you take the users the first time they log on. They can enter their old and new passwords into text fields (I'd make them global fields) and click a button to change the password.

               

              Your button would fire off a script to change the password. You can look up the Change Password script step in help to learn more about this.

              • 4. Re: User Password creation and reselling
                patinthehat
                  

                Thank you PhilModJunk,

                The Change Password screen with the script sounds great. It seems to be a solid solution to a roadblock I am thinking about. So this will work with the database hosted on a site too, right? It sounds like they can personally change their access to a their specific database with their participation without me being involved.

                Is there any downfalls to this process that I should be aware of?

                Thanks, PatintheHat 

                 

                • 5. Re: User Password creation and reselling
                  patinthehat
                    

                  Hello again, Ninja - 

                  I am hoping to set up partioned databases with RLA - record level access. I set up two accounts along with the Guest account, as a trial. I put in all the restrictions and limited priviledges a la Record_Created_By = Get(AccountName) 

                   

                  You mentioned in your post that the users can change their password and when I would snoop I would just see their password as admin. Just to be clear - - I want to clarify. I am hoping to set up the accounts with 6 partitions, ie 6 users. Are you saying this could happen with me as admin, but because they have the ability to change the password, I wouldn't have access to their records, right??

                   

                  I have also read on forums that multiple users on a db slow it down tremendously, especially if the record numbers approach 5000. Have you heard this? 

                   

                  Thanks,

                  Pat in the Hat 

                   

                  • 6. Re: User Password creation and reselling
                    philmodjunk
                       With a full access password, you wil have access to everything in the database except the users' passwords. If you open Manage | Accounts & Privileges, you'll see all the account names, but in place of the actual passwords you'll see a series of bullet characters. You'll be able to change passwords, delete them, set them so the user has to enter a new one at next log in... You just won't know what the current password is.
                    • 7. Re: User Password creation and reselling
                      ninja
                        

                      patinthehat wrote:

                      I have also read on forums that multiple users on a db slow it down tremendously, especially if the record numbers approach 5000. Have you heard this? 


                      I've "heard" it, but have not experienced it.  Speed at low record counts (50,000 is low) is primarily affected by design IMO, though I would hardly claim expertise in this area.

                       

                      I have ~34 users (probably about 4-8 at any given point in time) on a raw materials management Dbase with 7 tables, ~40 table occurences and 50,000-70,000 records all told.  I see no sluggishness except with finds on unstored calculation fields.

                       

                      Note: I use Filemaker Server, dunno if this affects speed...it was here when I arrived.

                       

                      To second Phil,  FullAccess means just that.  You would have access to all records, all layouts...everything except the users passwords via Accounts&Privileges.  If you chose to go with a password table (I hope not), you would have access to users passwords (that's why I hope not).