From Dwayne Wright PMP
Certified FileMaker Developer
Please Note: If you are viewing this page in a news feeder, the images may get munged up a bit or other formatting of the posting may fail. For the best experience, please visit the journal directly by clicking (here).
This is a quick overview of some of the different aspects of FileMaker security. I would recommend that any FileMaker developer should drink in FileMaker security deeply and return to the well often. A wealth of information can be found directly in the support section of the FileMaker.com web site.
FileMaker protection is provided by a system of accounts and associating a defined privilege set to that account. Account settings include authentication type, account name, password, active/inactive, its assigned privilege set, comments and if the password needs to be changed on the next login. A privilege set (which is assigned to the account) is a bundle of selected security options and an account can be assigned to only one privilege set at a time. Default privilege sets include Read Only, Data Entry Only and Full Access. Knowing the particulars of setting up your own defined privilege sets for your workflow needs is one of the most important aspects of FileMaker security.
In most cases, FileMaker authenticates user credentials within the FileMaker file itself but external authentication options are available. I've been working with external authentication quite a bit since introducing FileMaker heavily during my day job at Hasbro. It is fairly easy to implement but does require a different mindset when you are dealing with 20 or 30 independent FileMaker solutions in one work environment. Although a bit dated, there is a FileMaker pdf available that does an excellent job of introducing external authentication ( http://tinyurl.com/86228ek ).
Back to internal authentication, in many published areas, FileMaker themselves declare that the best practice is to have a unique account created for each user of a database system. FileMaker does ship with some default accounts and it is recommended that you deactivate or rename these accounts as soon as possible because they are obviously no secret. This is particularly true if the FileMaker file is being hosted and is readily available to multiple users on a network.
A FileMaker file can be setup to have a default account and password activated when a file is opened. This means that any user opening the file will not be challenged for an account name or password. The file opens with the default account (and associated privileges), a time saver in some situations. It can also be considered a potential security risk in other situations.
Windows Single Sign On (external authentication) or the use of the Macintosh Keychain are other options for easing the pain of logging in.
Bypassing this setup can be accomplished by holding down specific keyboard keys as the file opens (Shift Key - Windows) (Option Key - Macintosh). Windows Single Sign On (external authentication) or the use of the Macintosh Keychain are other options for easing the pain of logging in.
More info about the author and FileMaker in general, contact me at firstname.lastname@example.org.
© 2009 - Dwayne Wright - dwaynewright.com
The material on this document is offered AS IS. There is NO REPRESENTATION OR WARRANTY, expressed or implied, nor does any other contributor to this document. WARRANTIES OF MERCHANT ABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. Consequential and incidental damages are expressly excluded. FileMaker Pro is the registered trademark of FileMaker Inc.