1 2 Previous Next 27 Replies Latest reply on Apr 25, 2013 9:39 PM by MarkNZ

    Opener file Password

    MarkNZ

      Hi all,

      Is it a used practice to have the clients account name and password connected only to an opener file on there machine and not at the DB end? or is this a huge security risk?

      Im trying to avoid the client entering there log on details twice. Once on the opener file and again once they get to the DB end.

      Does the opener file not need any password etc.If so How would i prevent the client getting into the opener file...I the developer would still need to access it of course.

      your thoughts appreciated.

        • 1. Re: Opener file Password
          keywords

          Two suggestions:

           

          1.     Use the opener file purely to open the main file and then close itself. If you need to stop on the opener file use a modifier key which, when active, runs an alternate part of the script. Log in is then handled in the main file.

           

          2.     Set up a log in process in the opener file and collect the details to reuse in the main file so that the user does not have to do it twice. This way you can give yourself an option to stop on the opener file if needed, but no other user.

          • 2. Re: Opener file Password
            MarkNZ

            Hi keywords,

            Thanks for your answers..Could you please explain how I would "collect the details to reuse in the main file"  cheers

            • 3. Re: Opener file Password
              keywords

              You need to create a script to control the login process. Assuming a login name and password are entered by the user, use Set Variable script steps to collect both values, then pass these values to the main file login script and have the script insert them rather than the user having to do it again.

              1 of 1 people found this helpful
              • 4. Re: Opener file Password
                MarkNZ

                Thanks keywords..

                • 5. Re: Opener file Password

                  Keywords said, "You need to create a script to control the login process. Assuming a login name and password are entered by the user, use Set Variable script steps to collect both values, then pass these values to the main file login script and have the script insert them rather than the user having to do it again."

                   

                  Really?  Sorry but I could not disagree more.

                   

                  Mark,

                   

                  I am not where I can respond in depth but please do NOT store password in variable; in fact how could you using FM login?  You only need to sign in once ... in the main file and those accounts should exist in all your files except opener and other files will use same login automatically when the other file is opened.  You will NOT be asked TWICE if same account name is calling another file.

                   

                  Opener opens (no credentials or accounts), calls the main file's startup then closes.  Also check out possibility of using external authentication or just providing users with link.

                   

                  Sorry for cryptic message - tiny screen and very bumpy road. 

                  1 of 1 people found this helpful
                  • 6. Re: Opener file Password
                    wimdecorte

                    Ouch... I very strongly advice against storing credentials in variables, or anywhere else where they can be easily gotten to.  If an opener file is going to compromise the security of the solution then find an approach that does not require an operner file, such as an opener link/url.

                    • 7. Re: Opener file Password
                      wimdecorte

                      MarkNZ wrote:

                       

                       

                      Im trying to avoid the client entering there log on details twice.

                       

                      With an opener file they would not have to enter credentials twice.  Not sure where that misconception comes from but the rest of the thread goes in a direction that would nothing but compromise security.

                      • 8. Re: Opener file Password
                        mbraendle

                        Wim and LaRetta are both right. There is no need to pass credentials as parameters. This could compromise security.

                         

                        A typical opener file has a guest account that is configured to be used automatically in its file options, and a startup script that calls the target file and an opener script in the target file and which closes the opener file at the end.

                         

                        If there is no activated guest account in the target file, the target file will ask for the credentials and continue with the opener script.

                        If there is an activated guest account, so what? It will open without any credentials anyway.

                         

                        Usually one also defines an Admin account with full permissions in the opener file to be able to edit it. This account should have a different password than the Admin account used for the target file.

                         

                        In the attachment you find an Opener file which goes closely along the template described in Ray Cologon's FileMaker Bible.

                         

                        If you double-click it with the Option or Alt key pressed, you can inspect it using account "Admin" and password "Admin" as credentials.

                        • 9. Re: Opener file Password
                          MarkNZ

                          Hi LaRetta,

                          Thanks for your suggestions..Im wanting to create a opener file that 1) cant be tampered yet 2) dosnt require a login.

                          The extra log in was happening because I set the option on the server to request account name and password to allow the client to see the file obtaining to them only.

                           

                          Im running 2 small DB's on the one server, but I dont want both Businesses viewing the 2 available Files...how can i avoid this?

                           

                          Regards

                          • 10. Re: Opener file Password
                            MarkNZ

                            Thanks wim..see my comment above to LaRetta

                            • 11. Re: Opener file Password
                              MarkNZ

                              Hi Martin..thanks for your excellent input..

                              Can I have the guest on the opener file have the radio button selected as guest upon clicking the file on the desktop? not as you see it...or can you avoid this dialog altogether because quest has been selected?

                              11.JPG

                              • 12. Re: Opener file Password
                                Malcolm

                                Thanks for your suggestions..Im wanting to create a opener file that 1) cant be tampered yet 2) dosnt require a login.

                                 

                                The extra log in was happening because I set the option on the server to request account name and password to allow the client to see the file obtaining to them only.

                                 

                                In that case the authentication requests are completely separate. The first is from the server to determine the file list they are entitled to use. The second is from the file that was requested by the user.

                                 

                                Im running 2 small DB's on the one server, but I dont want both Businesses viewing the 2 available Files...how can i avoid this?

                                 

                                What you can do is this: before loading a file to the server you can change the settings under File -> Sharing -> Filemaker Network. There is a checkbox that says "Don't Display in Remote File Dialog". It is only security through obscurity, if they can guess the name they can still attempt to open the file.

                                 

                                Malcolm

                                • 13. Re: Opener file Password
                                  wimdecorte

                                  MarkNZ wrote:

                                   

                                   

                                  Thanks for your suggestions..Im wanting to create a opener file that 1) cant be tampered yet 2) dosnt require a login.

                                   

                                   

                                  Assume that if you give physical access to file (like an opener file), it can be tampered with.  So the less you put it in it the more secure it is.

                                   

                                   

                                  MarkNZ wrote:

                                   

                                  Im running 2 small DB's on the one server, but I dont want both Businesses viewing the 2 available Files...how can i avoid this?

                                   

                                   

                                  If you are an all Windows deployment, look into External Authentiation and the SSO ability that comes with that.

                                   

                                  Another option is to put the FMS machine on a different subnet than the clients.  Then it would not show up for them under "local hosts".  That's still security through obscurity because if they know the IP address of the server they would still be able to see the files.

                                  • 14. Re: Opener file Password
                                    keywords

                                    My second suggestion caused some consternation, and fair enough. My preferred approach is as per my first suggestion, a simple opener file which does not request login and functions purely to open the main file and then close itself.

                                    1 2 Previous Next