7 Replies Latest reply on Jan 12, 2012 5:35 AM by ianblackburn

    The "privileges damaged or possibly tampered with" issue

    ianblackburn

      (I also posted this in the non-dev FM forum; apologies if you've read this twice)

       

      For those who haven't run into this before, there's a security 'feature' in FMP that if the user/password info in a file gets altered (usually by file corruption), FMP refuses to open the file. You get this message:

      "The access privileges in this file have been damaged or possibly tampered with. Please contact Filemaker Technical Support if the problem cannot be resolved." If you see this, you are totally hosed. Filemaker Technical Support cannot help you. The "Recover" command will not work in this case.

      As far as I can tell - I've never gotten a definite answer one way or another - this is an entirely arbitrary decision made by the FM dev team. It's not a matter of whether or not the file can be opened; FMP is engineered to refuse to open the file if there's any alteration to the access privileges.

      I understand the reasoning (I think I do, anyway). It's essentially a kill switch in case of an attempt to compromise the security of your data. Considering it's much more likely to be file corruption than Al-Qaeda breaking into your database, though, it seems a bit draconian.

      I wish there was an option to be warned about the access privilege corruption rather than a total lockout from the file. Something along the lines of "Hey, your access privileges have been damaged or possibly tampered with. Either way, you should really do something about that right now. Should I continue opening this file?" At least you'd get a fighting chance to salvage your data.

      I will allow as how I may be completely misunderstanding this whole thing, in which case I'd be most appreciative for some education.

        • 1. Re: The "privileges damaged or possibly tampered with" issue
          comment

          ianblackburn wrote:

           

          "Hey, your access privileges have been damaged or possibly tampered with. Either way, you should really do something about that right now. Should I continue opening this file?"

           

          Wouldn't that be something like a lock saying "Hey, you are trying to insert the wrong key. Should I assume you are drunk and continue opening the door - or are you a real burglar?"

          • 2. Re: The "privileges damaged or possibly tampered with" issue
            ianblackburn

            I see your point, but the way things presently work, it's like the lock saying "Hey, there are some screwdriver scratches around me. Since this may indicate a break-in attempt, this house will remain permanently locked. Please move into your backup house."

             

            I'm not saying you shouldn't have to authenticate in some manner when opening a secure file, but unless the access privs are so garbled that FMP can't retrieve even one set of account credentials, you should be able to try to open it. I get the impression that if they simply fail a checksum, it's game over.

            • 3. Re: The "privileges damaged or possibly tampered with" issue
              techt

              I've seen this a couple of times in over ten years of FMP development. In one case, a file went south on its own as near as I could tell. Another is where a cracker program was used to try and gain access. Yes, a warning would have been nice, but in the case of the corruption being discovered, I think the only real option is to lock it up and throw away the key. It would be the only way to keep the file secure. It's certainly preferable in my mind over having someone run off with weeks or months of work. The only recovery is a backup. Hopefully you have a copy about that you can use. 

              • 4. Re: The "privileges damaged or possibly tampered with" issue
                ianblackburn

                I run hourly backups for this very reason, although that doesn't help if you don't discover the corruption early, since the corruption will be present in your backups.

                 

                I don't worry too much about someone using one of those cracking tools, since nobody else has filesystem-level access (they're served by FMSA). And I do understand the logic of why this works the way it does, but I wish there was some way to specify how hardcore you want to be about security.

                 

                I guess the root of the problem, and my frustration, isn't really in the FM security model. It's that there doesn't seem to be any robust file-integrity checking capability, or at least not that I know of.

                • 5. Re: The "privileges damaged or possibly tampered with" issue
                  comment

                  ianblackburn wrote:

                   

                  unless the access privs are so garbled that FMP can't retrieve even one set of account credentials, you should be able to try to open it. I get the impression that if they simply fail a checksum, it's game over.

                   

                  If there's something that I don't like about this feature, it's that it doesn't work well enough and can be bypassed too easily. As you say, the real issue here is file corruption - and I wouldn't want to see a "solution" to that based on relaxing the security even further.

                  • 6. Re: The "privileges damaged or possibly tampered with" issue

                    Ian,

                     

                    we repair such files (and files with other problems) regularly. Whenever possible the file you get back is as genuine as it was before the damage. If you have an earlier copy or clone (no matter how old) we usually restore the access privileges from that file.

                     

                    Please read <http://fmdiff.com/repairs.html> for details.

                     

                     

                    Winfried Huslik

                    • 7. Re: The "privileges damaged or possibly tampered with" issue
                      ianblackburn

                      Good to know, thanks. I'd love to know your methodology, but I'm guessing that's proprietary.