2 Replies Latest reply on Nov 14, 2008 12:23 PM by Kundinger

    Database Password issues



      Database Password issues

      Your post

      We are using Filemaker Server 9 and some of our databases are password protected due to sensitive information.


      We have one main database that calls several others (these were all set up in 5.5, so are still separate DBs vs. tables).  In the past, when the main DB opened one of the pwd-protected files, we'd get the password dialog box then.


      Starting yesterday and for apparently no reason, the main DB started asking for a password upon opening.  It will not accept the set password and we are locked out of our database.


      We tried restoring the DB from a backedup version, but it still asks for a password and won't open.


      Today we tried changing the password for the protected DB called by the main one, and now we cannot open either DB with either password.


      Holding down the shift key doesn't help, using "Admin" as the username with no password doesn't help, using the password as both the username and password (used to be a blank username and password) doesn't help.


      Please help me solve this so we can use our databases again!

        • 1. Re: Database Password issues


          Hi "Margaret",


          I'm guessing that someone...  user, visitor, ex-employee, hacker, etc. may have opened the "main" file and 'related' file[s] and added a new password.  This could have been done purposely or inadvertantly.


          To solve your problem...


           - question all users about the change  --  if one user can access the file, they may be the culprit

           --- if you find the culprit and they use a Macintosh, you may find the password in their "Keychain" 


           - you may be forced into going further back in your backups


           - you could Goolge search for a password cracker utility



          I hope this helps... Good Luck!!!


          • 2. Re: Database Password issues

            Hi "Margaret",
            I know that this is not something you want to hear right now, given your current situation, but...
            I'm unaware of your organizations specifics regarding organizational info security; network design; info management design; and personnel policies & procedures.  Below, I present some discussion on the importance of security and some links to FMP security resources.
            It sounds as though you have NO security in your FMP info system...  NOT using a password for the "Admin" [Full Access] account.  This leaves your system and all of it's invaluable information OPEN to anyone to have access to both internally and externally (from the Internet).  In today's world information can be more valuable to an organization than all it's assets and personnel.
            I understand that sometimes 'little' things like passwords are a hassle to users and that info systems start out small and develop into larger systems over time.  This still does not negate the importance of security. 
            Your network manager, DB manager & organization's CEO should read the FileMaker Security Guides
            Your network manager may want to incorporate FileMaker security into the Active Directory or Open Directory authentication systems
            Your CEO may want to form a Information Security Team to include the CEO, a lawyer, the DB manager (or consultant), the network manager (or consultant), and a security consultant.  This team should discuss the value of your organizations information from the standpoints of...  lost revenue due to data loss;  data recovery costs;  value of negative public exposure to your information; etc.  They should then determine the risk of such situations.  From this they should develop a simple security plan with the appropriate policies & procedures.
            FYI...  Most states and the federal government have regulations regarding the 'disclosure' to law enforcement when there is a breech of information security that results in the 'exposure' of "personal information".  Meaning, if your organization keeps any personal data (social security numbers, driver's license numbers, credit card numbers, etc.) about your clients, and this data is lost, stolen, or accessed inappropriately, your organization is required to contact law enforcement.
            Enough said...  I apologize for sounding harsh.  I hope this discussion will benefit you and any other reader out there!