4 Replies Latest reply on May 17, 2017 4:14 AM by user23334

    Login Layout, linked to the Filemaker account schema

    user23334

      Hi all,

      probably this is a very frequently asked question, but upon searching the community forum resulted in a no useful result.


      Our problem s very simple and probably: in a FM solution we would like to have accounts created inside the internal security system *Database >> Security ...), but we would like to "challenge" such login, using a customised layout.

       

      Let's say there's a guest accessed layout started wth the solution itself (say it login.fmp12), presenting username and password request: after pressing the login button, we would like to check if the username/password couple is valid for the FM solution itself (and the following ones called by the first dashboard) and proceed the the main dashboard, with the privileged set assigned to the logged in user, otherwise a new login request should appear; after 3->5 attempts a new layout should be presented to ask the user to ask the administrator to reset the password.

       

      Can you describe me a step/by/step list to comply wth these needs ?

       

      Thanks in advance.

        • 1. Re: Login Layout, linked to the Filemaker account schema
          wimdecorte

          You can't do this easily and not without compromising security in some sense.

           

          In order to use your own login screen and attempts-checking you already have to inside your solution and scripts need to run.  Some people will reply to say that you can use an auto-login account with limited privileges so that you can take the user through your layouts and scripts and use the ReLogin script step.  But that has proven time and time again to be a huge risk that usually leads to the file being vulnerable to being compromised.  Scripts can be stopped, the auto-login account will in essence let anyone into the file - even for the briefest of moments and in that moment things can happen.

           

          If you are not happy with the tools that FM gives you to authenticate users, then look at using external authentication instead and leverage the tools available in Active Directory, Open Directory and local accounts/groups in the OS of the FMS box.

          1 of 1 people found this helpful
          • 2. Re: Login Layout, linked to the Filemaker account schema
            user23334

            ok Windecorte, I'm sure you're absolutely right, about security issues.

            I suppose the security breach could happen during the data flow from the login windows to the ReLogin script step, because we cannot use a simple couple of variables, but we need to temporary write username/password couple into a local table and then use them with ReLogin script step, isn't it ?

            • 3. Re: Login Layout, linked to the Filemaker account schema
              wimdecorte

              There's other possible security breaches but yes: you'll be using the data structures to pass security info, which is never good.

              • 4. Re: Login Layout, linked to the Filemaker account schema
                user23334

                Thank you Windecorte: that's what I suspected.

                Honestly I'm not in trouble with Filemaker authentication/authorization BACKEND (inside FM, local-OS, Directory ...): obviously the problem is the FRONTEND (user interface) that is not user customisable with graphics and other useful information to be passed to the FIRST application layout (language, data-set in a multi-company environment ...).

                 

                I'm afraid it's not easy or even possible to find a solution with the current level of Filemaker technology.

                 

                Thank you again.