5 Replies Latest reply on Feb 9, 2017 3:26 PM by Malcolm

    Security Issue

    dbail22@comcast.net

      I have an issue with the "Credential Manager". This allows someone to click a box and then anyone using that computer with or without approval has access to the level that the original user has. In larger companies we cannot police computers at that level each day to see if someone has selected that box. This created a recent problem where an employee used a computer on a day the owner was out to access information they had no right to.

       

      To me this is a serious security problem that needs a fix.  Something like our abilities to modify menus to eliminate or include desired commands.

       

      David

        • 1. Re: Security Issue
          CamelCase_data

          What version of FileMaker are you using? Current versions allow you to deactivate storing the login in the Credential Manager (File > File Option > Open).

          1 of 1 people found this helpful
          • 2. Re: Security Issue
            Malcolm

            Current versions of FMP include a fix for this issue.

             

            You may want to look at security more broadly. Staff with higher privileges probably have access to a lot of other information too. Their email, spreadsheets and word docs are all at risk. Staff should be logging out at the end of the day. Screen savers should be set to activate automatically and require a password to unlock the monitor.

             

            Malcolm

            • 3. Re: Security Issue
              dbail22@comcast.net

              Yes, you can disable the feature. But as people come and go and some get lazy, you cannot check each computer each day, and FileMaker has no calculation to report if it is being used. And you can talk about having people sign out each time they leave their computer, but it is not going to happen, and all it takes is a small amount of time. We even enabled screen savers with a password, but some disabled them, saying they had to enter their password too many times each day. I think this feature/problem is a mistake. Why have a password if anyone starting the computer can access data without having their own password?

              • 4. Re: Security Issue
                CamelCase_data

                Since this is a file option, not an application preference, I don't see why you would need to check on any computers at all?

                Provided that not everybody is using a full access account, you set the preference once as a developer, and then it will apply to all users.

                 

                As Malcolm mentioned, you may need to review your security setup more in general - if, e.g., users are indeed using a full access account, that's obviously a very major concern that you should address immediately.

                1 of 1 people found this helpful
                • 5. Re: Security Issue
                  Malcolm

                  dbail22@comcast.net wrote:

                   

                  Yes you can disable the feature.

                  Then do so. That's what you want. Once it is disabled the file no longer attempts to use stored credentials.

                   

                  You can control the length of time that users remain connected to the server and you can control reauthentication periods too.

                   

                  If you are using external authentication in a Windows environment, the user access privileges are picked up by FileMaker, so it is not necessary to log in to FMP separately. Perhaps that is something to explore.

                   

                  Your more general complaint is about workplace culture. That is a completely different kettle of fish.

                   

                  Malcolm