2 Replies Latest reply on Feb 12, 2014 8:47 PM by geoffc

    Obtaining access privileges


      I have managed to convert from FileMaker Pro 4 (fp3 files) to the latest fp12. The only access password I have, is what the users currently use. This appears to not have full privileges, but then, I am also using a demo version of FMP 13. Not sure if that's an issue. I only want to strip all the data out of this system, because its not worth working with, I plan to use a third party template that I can buy with heaps more functionality. But, when I open the file with FMP 13, the menu item "File/Manage/..." has all items greyed out. Same for all export options. This sure looks like a privilege issue?


      But curiously the FMP help regarding this issue, refers to a menu item that i dont even have? Is this a case where i will need to buy the Advanced product, because perhaps in the developer tools there is something?


      Is there any way I can get this data? Even with a third party product?



        • 1. Re: Obtaining access privileges
          George Nassar

          Assuming that the admin account hasn't been stripped out (was that even possible in Pro 4?  I can't remember!), you can recover the passwords of every account in the file with a third-party tool, yes.  (From FM 7 onward, the passwords became far more difficult to recover, and you would instead have to overwrite the old passwords to get into the accounts.)


          The go-to guys for this stuff for a while now have been Passware, http://www.lostpassword.com/filemaker.htm , though there is a newer tool that is cheaper: http://www.password-service.com/filemaker-password-recovery.php .  Either one can recover all passwords from FP5 or earlier files, as well as recover simple passwords from FP7 and later and overwrite more complex ones.  Passware's tool also has some nice advanced features and can at least try to recover more complex recent passwords, but is a bit pricier than the other one.  (You may also be able to use the demos of either to recover just enough of one of the passwords to where you can guess the rest -- but we're developers, and somebody worked to make that software, so I feel they deserve their money.)


          Of course, questions of propriety inevitably arise in dealing with things like revealing passwords, so while I get from your other post that this is a real need for you, I do need to address those here.  So: Knowledge of the existence of password hacking tools isn't something that benefits from security by obscurity.  It has to be assumed that if someone with malicious intent is approaching this problem, Google will find the available solution for them very easily.


          So the real morals of this story, as far as information assurance goes, are: security is a continuum, not an on/off switch; there is *no* such thing as absolute security when physical access to a target is provided; one should therefore make sure available access to anything requiring strong security is done through interfaces providing masked or hashed sensitive data; and particularly in FM, if you need to hand over a file and have sensitive data or passwords stored there that you want secure for years, you better strip those [Full Access] rights from it!


          Best of luck.

          • 2. Re: Obtaining access privileges

            Awesome. Best US$29 I ever spent I think, although from a personal satisfaction point of view, it would have been nice to find a tougher admin username and password. LOL.


            I understand the issues regarding cracking files, but without this tool, we were going to be stuck. And its a totally legitimate use. So thanks once again.