alecgregory

Sign In Methods

Discussion created by alecgregory on Sep 5, 2018
Latest reply on Sep 5, 2018 by bigtom

I hesitate to start this discussion as security threads often get a bit heated. With that in mind I will try to keep the focus narrow.

 

I am exploring various methods for signing in to a solution hosted on FileMaker Server.

 

The idea is to respect the FileMaker security model. So I'd be interested if anyone thinks any of the methods potentially or inherently fail to do this. In addition, any comments on the merits and ease of implementation of these methods, especially from people who have tried similar methods, would be welcome.

 

Environment / Constraints

  • The FileMaker Server has an SSL certificate installed
  • The solution files will not allow users to save credentials in their keychain / credential manager
  • The solution files will have File Access Protection enabled
  • The solution will be accessed via FileMaker Pro Advanced 17 on Desktops and on iPads either using FileMaker Go 17 or a FIAS app based on SDK 17.0.2. The FIAS app will be distributed via MDM within a single organization.

 

Method 1: Vanilla

Users sign in to the solution via the regular FileMaker sign in dialog.

Desktop and FileMaker Go users

  1. Users are provided with a snapshot link file which opens the solution
  2. Users enter their account name and password using the regular FileMaker prompt

FileMaker FIAS App Users

  1. A startup script in the app opens the solution
  2. Users enter their account name and password using the regular FileMaker prompt

Comments

This method is obviously the most secure. The downsides are that users always have to enter their username and password and they see the FileMaker sign in prompt, which isn't the best looking and exposes the solution file name.

 

Method 2: Launcher File With External File Reference

An offline FileMaker launcher file is used for logging in to the solution via the Open File script step.

Desktop and FileMaker Go users

  1. Users are provided with a FileMaker file. When opened it presents them with a FileMaker layout containing two fields, account name and password.
  2. They enter their credentials in the fields and press the sign in button. There is a "remember my username" check box to allow the username to be remembered for subsequent sign ins.
  3. The launcher file creates a local account with the credentials provided. It then opens the hosted solution using an external file reference.
  4. The launcher file deletes the local account it created and closes.

FileMaker FIAS App Users

As above, but the launcher file is included in the FIAS app package.

Comments

I think this method is secure. The launcher file would need to be granted access to the solution file using file access protection which is a bit of extra management overhead if new versions of the launcher file were created with different names.

 

Method 3: Launcher File Using FMP Protocol

An offline FileMaker launcher file is used for logging in via the Open URL script step.

Desktop and FileMaker Go users

  1. Users are provided with a FileMaker file. When opened it presents them with a FileMaker layout containing two fields, account name and password.
  2. They enter their credentials in the fields and press the sign in button. There is a "remember my username" check box to allow the username to be remembered for subsequent sign ins.
  3. The launcher file uses the entered credentials as part of an Open URL script step which opens the solution file.
  4. The launcher file closes.

FileMaker FIAS App Users

As above, but the launcher file is included in the FIAS app package.

Comments

I *think* this method may be a little more secure than Method 2, but I'm not totally sure. This is because there is no need for the launcher file to be granted access to the solution file using file access protection. The fmpurlscript extended privilege isn't required to open solutions using the FMP Protocol, so that wouldn't need to be enabled. There appears to be an issue that the account name couldn't contain a : and the password couldn't contain a @, so this would have to be managed. The server has an SSL certificate installed, so the URL including the credentials would be encrypted in transit. I can't think of a situation where the URL would be displayed on the user's screen, but if this did happen it wouldn't be ideal.

 

Method 4: Launcher Website Using FMP Protocol

A website for logging in using a web form and the FMP Protocol.

Desktop and FileMaker Go users

  1. Users are provided with a link. When opened it presents them with a web page containing two fields, account name and password.
  2. They enter their credentials in the fields and press the sign in button. There is a "remember my username" check box to allow the username to be remembered for subsequent sign ins.
  3. The website uses the entered credentials to change the URL which opens the solution file.
  4. The website clears the password field

FileMaker FIAS App Users

As above, except the launcher file contains a web viewer that shows the login website.

Comments

This seems like it would be secure, as long as the credentials were handled properly by the web page. Having access available on the web adds additional complications that would need to be handled. This approach is attractive because a webpage is easy to access for users and easy to update.

Outcomes
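The following is an added example for the URL construction behind Methods 3 and 4; it is not code from the original post or from FileMaker. It builds the `fmp://` launch URL in the documented shape `fmp://account:password@host/file[?script=name&param=value]` and percent-encodes the account name and password so that a `:` or `@` inside a credential cannot be read as a URL delimiter. The host name, file name, form field names and the `fmAccount` storage key are assumptions for illustration. It also assumes that FileMaker Pro and FileMaker Go percent-decode the userinfo part of the URL; if that turns out not to hold for a given version, fall back to `violatesPostedRestriction`, which applies the character restriction the post describes.

```javascript
// Added example (not from the original post): build an fmp:// sign-in URL
// safely from a host, file name and user-entered credentials.
//
// Assumed URL shape (FileMaker's documented scheme):
//   fmp://[account:password@]host/file[?script=name[&param=value]]
// Assumption: the client percent-decodes account and password, so ':' and
// '@' inside a credential are handled by encoding rather than rejection.

// Percent-encode everything outside RFC 3986 "unreserved" characters.
// encodeURIComponent already encodes ':' and '@'; the extra replace covers
// !'()* which it leaves bare but which some URL parsers treat specially.
function encodeUserinfoPart(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Host and file come from configuration, never from the form: the host is
// where the credentials are sent, so it is validated with a strict allow-list.
function buildFmpUrl({ host, file, account, password, script, param }) {
  if (!/^[A-Za-z0-9.-]+$/.test(host)) throw new Error('invalid host');
  if (!/^[A-Za-z0-9._ -]+$/.test(file)) throw new Error('invalid file name');
  if (!account || !password) throw new Error('missing credentials');

  let url = 'fmp://' + encodeUserinfoPart(account) + ':' +
            encodeUserinfoPart(password) + '@' + host + '/' +
            encodeURIComponent(file);
  if (script) {
    url += '?script=' + encodeURIComponent(script);
    if (param !== undefined) url += '&param=' + encodeURIComponent(param);
  }
  return url;
}

// The restriction reported in the post (account name must not contain ':',
// password must not contain '@'); use this if the decode assumption above
// does not hold for your client version.
function violatesPostedRestriction(account, password) {
  return account.includes(':') || password.includes('@');
}

// Browser-only glue for Method 4 (step 3 and 4 of the post): build the URL,
// wipe the password field before navigating, remember only the account name.
function launchFromForm(form, cfg) {
  const account = form.account.value;
  const url = buildFmpUrl({ ...cfg, account, password: form.password.value });
  form.password.value = '';            // step 4: clear the password field
  if (form.remember.checked) localStorage.setItem('fmAccount', account);
  else localStorage.removeItem('fmAccount');
  window.location.assign(url);         // hands the fmp:// URL to FileMaker
}

if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  // Assumed form markup: <form id="fm-login"> with fields account, password, remember.
  const form = document.getElementById('fm-login');
  if (form) {
    form.account.value = localStorage.getItem('fmAccount') || '';
    form.addEventListener('submit', e => {
      e.preventDefault();
      launchFromForm(form, { host: 'fm.example.org', file: 'Solution' });
    });
  }
}

module.exports = { encodeUserinfoPart, buildFmpUrl, violatesPostedRestriction };
```

Run in Node (`node launcher.js`) the module only exports the builders; in a browser it wires the assumed form. A password such as `p@ss:w0rd` becomes `p%40ss%3Aw0rd` in the URL, so the `@` that separates credentials from host is always the one the code inserted. The host allow-list is the important check: the web page that constructs this URL decides which server receives the user's credentials, and a host value taken from a query string or from user input would let a crafted link send them elsewhere.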