Re: Separation and Security

Most account management processes can be handled by script commands. But,
see FP's comment on security issues with scripts.

"chris" <pa28_181@xxxxxxxxxxxxxxx> wrote in message
news:1155521984.696036.190500@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have had a go at this and I saw a couple of things..

1) If the password in the main file is the same as the data, it doesn't
ask for a password even if auto login is turned off in the data file,
so the main file pwd must have to be different. So what if I have more
than 2 files? I must have to make them all the same as the main file ??

2) How do I let my users access Define Accounts ? They must have to
open the data file then go Define Accts.. This seems really ugly too...

Any thoughts guys?

Cheers

Chris


chris wrote:
Wow..

That sounds incredibly ugly!!

This is turning out to be not quite as simple as I had imagined..

Are there any other problems with doing it this way I should know about
???

Cheers

Chris


FP wrote:
Another thing you may need to know about is running scripts with full
access.
Assuming an account in the data file doesn't allow delete access on a
contact record. You may think that creating a script with full access
in the interface file will delete the contact record... it won't, the
script must run with full access in the data file to actually delete
the contact record.

This means you have a script in the data file that will delete a
contact record, assumably based on a parameter passed to that script.
This is a bit of a security loop hole since anyone with a password can
see the complete list of scripts in the data file and tell the solution
to run anyone of them at random.

Simply knocking out the menus in the interface file also isn't secure
since the user can create a new FM file, create a file reference to
your data file, then add all the tables in your data file to his new FM
file's relationship diagram and create layouts based on these tables.



.

Relevant Pages

  • Re: Get status of an user account in Tru64
    ... > certain user account from within a script. ... > anything about expiration, by the way (and wouldn't be a solution anyway ... If you aren't using the C2 security features, then there is no such thing as ...
    (comp.unix.tru64)
  • Assistance needed with script.......
    ... have a somewhat simple script, ... I would like to parse from the data file, such as Front Director Paths, ... Device Emulation Type: FBA ... Device Defined Label Type: N/A ...
    (perl.beginners)
  • Re: Assistance needed with script.......
    ... this is the hoh structure ... >> script and the file that I am reading to gather the data. ... >> Device Capacity ... >> I would like to parse from the data file, such as Front Director Paths, ...
    (perl.beginners)
  • Re: Separation and Security
    ... I am not happy with the lack of a script step to change priviledge set ... How do I let my users access Define Accounts? ... open the data file then go Define Accts.. ... Simply knocking out the menus in the interface file also isn't secure ...
    (comp.databases.filemaker)
  • Re: cross matching scripts
    ... I have also tried copy/paste the script content; ... Once the data file is rebuilt, one might think tath one could just drop in the old user file and all would be fine. ... The user file TOC no longer point to the correct data tables, even though the data file is absolutely identical in every definable aspect; ...
    (comp.databases.filemaker)