9 Replies Latest reply on Jan 30, 2012 11:59 AM by rkappel

    Re-Login and External Data Source Issue

    bbtops

      Hi All,

       

      Been delevoping for FM for about a year now and trying to branch out into IWP for our customers.

       

      I'm trying to setup a separate IWP database file (let's call it #1) that accesses data from another .fp7 file (#2). I'm doing this to try and add a layer of security and keep things clean in our primary database, but yet pull information from database #2 into #1.

       

      I want to give customers the ability to log into file #1 using a guest account, then after they enter their user credentials that matches a table in database #1, the re-login script is called, re-logging them into an account that matches the credentials in both files #1 and #2 so they can access table data in #2.

       

      Here's where the problem lies. After they log into database #1 the external data-source (file #2) doesn't recognize the account, and will not permit records to be viewed in file #1 (expected response). BUT, Even after the re-login script is called, the records from file #2 are still not available and I get a <File Missing> error on associated tables from #2. I get the same problem when using FileMaker and not IWP. If the inital call for user credentials for database #2 is canceled, there's no way without closing and reopening the file to reinitialize the authentication with the external Data-Source.

       

      Am I missing something here? Any workarounds to this or a way to re-initiate the connection to another .fp7 file after the Re-login step is called?

       

      Been banging my head on this for a while now....

       

      Much Thanks!

      -David

        • 1. Re: Re-Login and External Data Source Issue
          bbtops

          Well, in talking to one of my buddies, this has been resolved.

           

          The answer is to run a re-login script in both db #1 and db #2.

          So I setup a guest user in db #2 that only has permission to run 1 script (re-login script), and once the credentials are met in db #1 it calls a script to run a re-login script on both db #1 and db #2 with higher credentials. Works perfect in both FileMaker and IWP.

           

          Hope that helps someone out there!

          • 2. Re: Re-Login and External Data Source Issue
            rkappel

            I am struggling with a similar problem and what you describe sounds good but I am afraid I don't understand how you pass the login credentials between DB's.  Using IWP you cannot run a re-login except without the dialog.  This means you need to provide both the account name and password to the script step using either a field or variable.  The account name I understand but how do you capture the password?  I know that you can create a faux login box and have the user enter an account name and password into global fields and use these to run a re-login without a dialog but that breaks all sorts of security rules.

             

            How are you handling this?

             

            Ray Kappel

            • 3. Re: Re-Login and External Data Source Issue
              bbtops

              Hi Ray,

               

              What I actually did was create a table with usernames and passwords, and

              then scripted a custom login screen to search the table for matching

              username and password. If there was a match then it would run the

              relogin script giving a certain level of credentials.

               

              -David

              • 4. Re: Re-Login and External Data Source Issue
                PSI

                David,

                 

                I haven't.been following this thread closely but storing passwords is a huge security risk. I could hack it in a couple of minutes...

                 

                John Morina

                516.443.0966

                sent from my windows 7 phone

                • 5. Re: Re-Login and External Data Source Issue
                  techt

                  I agree with John on this one. You've completely circumvented the security and that can have some very serious complications.

                   

                  I'm not sure why you feel a need to separate data, as it makes things more difficult as you've discovered and added layers of complexity that probably isn't needed. I've used IWP over the years to permit client access to their data, their customer's data, and even test scores, securely and easily. As long as you restrict the users ability to find and manipulate, IWP is a fine solution for basic data needs.

                   

                  My two cents,

                   

                  Tim

                  • 6. Re: Re-Login and External Data Source Issue
                    rkappel

                    David,

                     

                    Thanks for the reply.  This is the only way I could see you doing it.  As others have noted this is a big security issue so I need to work another way.

                     

                    Ray

                    • 7. Re: Re-Login and External Data Source Issue
                      bbtops

                      Thanks for your replies. I guess I'm a little stumped as to why this

                      would be a security issue. If we have an IWP login with everything

                      scripted (querying the username and password table), and the username

                      and password tables locked down to a specific privilege set, how is that

                      hackable?  I can see having some relationships in there could pose a big

                      threat, but not seeing how a scripted login would.

                       

                      Thanks,

                       

                      David

                      • 8. Re: Re-Login and External Data Source Issue
                        rkappel

                        David,

                         

                        The security issue is in the fact that you are capturing and storing the users password.  In your organization it may not be an issue.  For me however, we use Active Directory for authentication.  I cannot allow a system that will ask a user to enter their AD password into a FM database where it could be viewed by anyone who has admin privledges.

                         

                        Ray

                        • 9. Re: Re-Login and External Data Source Issue
                          rkappel

                          Tim,

                           

                          I appreciate yoru two cents.  The reason I have the data seperated is that I have multiple applications, each with a differnet set of privledge settings.  I like to keep them in one file rather than in each of teh application files.  However, this is a good argumnt for me moving this data to the application files and avoiding the need for accessing multiple files in IWP.

                           

                          Ray