7 Replies Latest reply on Jul 15, 2014 8:22 AM by philmodjunk

    Authentication

    j.hall

      Title

      Authentication

      Post

           We are using signatures to "Sign" documents in filemaker. Sort of...

           Because many of the approvals are done on the computer, typically Windows, what has been set up is that a table that has the users name, password (Plain Text - GASP!), and a scanned, cropped version of their signature.

           When someone needs to "Sign" a document they select their name from a drop down, it asks for their password (via script) and then copies their signature to the "Signature" field. 

           As you can imagine, this proving to be unreliable. As well as being a bit ungainly to manage. 

           I haven't found anything on doing this, but I'm wondering if there is a way to as a user for their log in credentials for filemaker server to do the authentication...

           Baring that, does anyone have a better solution they have found to manage this situation?

        • 1. Re: Authentication
          philmodjunk

               I would use the user's account name, not their password in order to select the correct signature image. And you might want to protect yourself from liability issues by using something else instead of a signature image for "signing" documents as you would not want a security breach to result in these signatures being used in a fraudulent manner leaving you holding the bag for having scanned signatures in the first place.

               There is a script step called "re-login" that can bring back the password log in dialog. You can ask the user to log back in all over again, check for an error code using get ( lastError ) to make sure that they successfully logged back in and then you can use their account name to find their signature data.

          • 2. Re: Authentication
            j.hall

                 OK, I will look at that...

                  

                 The Next issue is that there are many occasions on the floor where someone hand's their iPad on the Manufacturing line, to their supervisor, to "Sign Off" on something. 

                 Wouldn't re-log in then leave them signed in as the other user?

            • 3. Re: Authentication
              philmodjunk

                   Wouldn't re-log in then leave them signed in as the other user?

                   The same script that finds the correct "signature" can then do a second re-login once that is done and thus the device is not left logged in under the other user's account.

                   An alternative approach is to use Show Custom Dialog with an input field--which can be formatted with bullets like a password log in, to control access for this. But this requires that your script explicitly control either a second set of "passwords" for your users or explicit control of your users defined passwords, which lessons your system security by a bit as well as complicating account management for them.

              • 4. Re: Authentication
                j.hall

                     We are of course using the "Passwords" option on the dialog box.

                     I really wanted to find a "Cleaner" solution. You know, like being able to use the authentication in filemaker but that's not an option that I can figure out a way to do it.

                      

                     I guess the only thing to do here is to restrict them from being modified after they are "Signed." And have a script step that exits the script if a document is already signed so it steers clear of the of the other information. 

                      

                     We had a script get halted and it landed them on the table layout with all the passwords and names for all the users. BIG part of why I am trying to figure out a better way to do this.

                • 5. Re: Authentication
                  philmodjunk
                       

                            I really wanted to find a "Cleaner" solution. You know, like being able to use the authentication in filemaker but that's not an option that I can figure out a way to do it.

                       Please read my suggestions again. The custom Dialog option was proffered as "plan B". "Plan A"--re-login can do what you need here and avoids the need for specifically working with password data. Just have the script do a second re-login after doing the needed tasks that required authorization.

                  • 6. Re: Authentication
                    j.hall

                         No, I hear you, the problem is the logging out and logging back in thing. Many of the users on the Manufacturing floor, may not deal with this very well. I'm going to see if it's workable, and go from there. We are basically doing Plan B now. But even THAT needs some modifications. (Like all the passwords boxes need to be changed so they can't be exported? - Just one of about 10,000 issues I have to fix in this database, but hey, Job security right?)

                    • 7. Re: Authentication
                      philmodjunk

                           I don't see where that would be a big issue. User 1, taps a button to get approval and the password dialog appears. They hand it to the supervisor who enters their account name and password. This system accepts their password, the approval is logged and a new password dialog pops up. The supervisor hands the device back to the original employee, they log back in and get back to work.

                           But if you decide to build and maintain a table of passwords, you can store them in your table in scrambled or encrypted format. You can use a calculation to scramble the data or you can (I think) use a plug in to encrypt that data in the field. (But then FM GO doesn't support plug ins, so I guess that one's out for iOS use...)