I am asked by a client to make a password vault in FM for their large collections of non-filemaker user names and passwords for their organization ... They want a custom vault hosted on our own server ( They don't trust commercial password saving applications )
They will use Filemaker Client and Ipad to access the Vault .. They will NOT use Web Direct
I am am aware about EAR ecryption for filemaker files
My Filemaker Server uses SSL
I am aware of the password hashing using functions such as https://www.briandunning.com/cf/1708
I am planning to user user roles / privileges and strong passwords for the Full-Access account and give limited access to other members of the team...
But they are concerned about storing plain text passwords
What would be the best way to address the clients concern .... Am I checking the right boxes and Is my approach good in general ?
Please share your thoughts