Is there a setting or script to force FileMaker to Quit after three failed password attempts?
not for regular FMP log on.
You would have to build a scripted process for log on.
Its difficult at best and can be prone to security issues if you are not an expert
No. You could make a script, but that would require the user to already be logged in, which I'm guessing would sort of defeat your whole purpose.
You can set this up. Have the system auto-login to a very limited account (it only has access to the startup script). Then, in the startup script, prompt for the username and password and attempt to login. Allow three attempts before exiting the application.
philipHPG yes but that's easily defeated by holding down option (Mac) or shift (Windows) so it would be security theater at best.
fitch yes, holding down option or shift while opening the file would still allow the user an unlimited number of attempts at signing in.
designing an erstatz security system is like whack-a-mole
I think there's a difference between what S Blackwell calls ersatz security and what the OP is asking for. The user isn't storing passwords in filemaker or relying on this to secure the database. I assume they're just looking to make hacking a little more annoying. After all, a user can simply re-open FileMaker if the application exits.
You can bypass the the "option" by exiting the application if the login script doesn't run under the default account. It's not impossible, but pretty difficult to add a 100% rock solid layer "on top of" (not "instead of") FM's native login. A user with a valid user/pass can access the data in a file and do what their privileges allow if they're clever enough without regards to scripts or layouts.
It takes careful crafting access privileges and scripts to prevent that. So much that it's only theoretical (I've never seen it successful in practice).
@David yes but again -- the user will never get to that startup script until they get past the login dialog, which has meanwhile NOT quit the app after 3 attempts.
Now WebDirect or FM Go is a different story... I don't think the user there has a way to force the login dialog to appear, so presumably you can rely on the startup script to run under a default login. Web usage is really more where you'd worry about this kind of attack. And I presume the concern here is some kind of attack, not just shaming your users.
Sure, they can try multiple times, but you can have the opening script run an Exit App (and/or Delete Account/Change Password) if they succeed when bypassing the default account. Or a handful of other options depending on the use case.
We can go back and forth all day, but without more input from the OP, I don't see the point.
I hope you have read the other comments. I would in no way ever let the user into a solution with guest* credentials, even with the most limited set of permisions. It could probably be done in a secure way, but even the smallest error could cause you problems.
FileMaker* should probably add an even better set of settings regarding passwords/credentials, and will probably do so one day. Including X-strikes-and you are out. I believe it is 5-strikes-and-you-are-out as it is now. Is that not good enough for you?
The three-strikes-and-you-are-out is important, then start like this:
But remember anything you add to/build replace FileMakers very secure security module with can compromise security if you fail!
*It can be OK to have guest login active in some specific cases. Presentation/Kiosk/Info systems, open WebDirect solutions for "unknown" users etc. etc. as long as you understand what you are doing.
But arguing between ourselves is the best part of this forum...
(That was a very dry joke)
Retrieving data ...