Solved

How to protect individual field value in a distributed FileMaker database..??

Posted on 2016-10-05
3
45 Views
Last Modified: 2016-10-10
I have a "PayPal for FileMaker" solution I put together that uses the Scodigo PHP SmartPill plugin.

Scodigo's plugin has a license I have to buy and then I can distribute it with my solution, however, I need to find a way to hide this license key from people that I distribute my solution to, while still making it available to the solution itself so that it can run properly.

Within the solution file is a script like this:

PHPRegister('123456789', 'Product Name');

So the value 123456789 needs to be hidden from users so they can never see it, but still needs to be available to this function within the solution file that I am distributing.

Is there a way I can store the value in a container field that cannot be accessed by anything but the script, or any other way I can handle this situation?

Any information on this would be greatly appreciated.  Thanks!
0
Comment
Question by:Andrew Angell
  • 2
3 Comments
 
LVL 24

Expert Comment

by:Will Loving
ID: 41831020
I have a number of Developer plugin licenses and as long as you've restricted the normal user privilege set to disallow access to Script editing, you can just leave the license key in the script step. Only a user with full access privileges could access it, and if you are distributing the solution as a Runtime, there is an option to entirely remove Full Access privileges from the Runtime solution.

You could enter the key in a global field and then remove the field from any layout, restrict the field access in the Privilege set, and then set the script that calls it to run with full access privileges.
0
 
LVL 11

Author Comment

by:Andrew Angell
ID: 41834551
You could enter the key in a global field and then remove the field from any layout, restrict the field access in the Privilege set, and then set the script that calls it to run with full access privileges.

Any chance you could provide a simple example of this in a bare bones DB?
0
 
LVL 24

Accepted Solution

by:
Will Loving earned 500 total points
ID: 41835258
The attached file shows the use of a global field in a Plugin Registration script. I created a global text field called "LicenseKey", entered the key in it and then removed it from the layout. I then created a script to run the Plugin "Register" function. I'm using the SMTPit plugin as an example, but since you probably don't have that plugin installed, I commented the actual registration string so you can see how I've used the LicenseKey field in the Register function. (it would otherwise simply show "<function missing>" if you didn't have the plugin. The script is set to Run with full access privileges, which I turned on by right-clicking on the script.

Screen-Shot-2016-10-08-at-Oct-8---1..png
I also created a Privilege Sets, Standard User Restricted Field which specifically prevents the user from seeing the LicenseKey field, and also from editing layouts, scripts or value lists. If you log in as "Admin" (no password) you'll see the field. If you login as "Standard" (again, with no password) you can't access the field.

As noted above, you can simply remove the field from any layout, but to be honest,  I wouldn't even both to put it into a field in the first place. The simplest thing to do would be to simply enter the plugin LicenseKey in the plugin Registration function and then restrict any non-developer privilege sets to "Scripts: Execute Only". That prevents users from getting into the script editor at all which they would need to do in order to read the license key in the Set Variable or Set Field script step used to Register the plugin.

As long as you don't allow users to get in using the Full Access Privilege set AND the Privilege set they are using restricts script to Execute Only for scripts you should be perfectly fine including the License Key in the script step as long as the script is set to run with full access privileges.
Example-Hidden-field.fmp12
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
audit trail 6 170
FileMaker to show picture based on field value 2 57
FFmpeg : cut starting 10 sec and ending 10 sec 5 53
Simple Search Script in FileMaker 4 34
Pop up windows can be a useful feature of any Filemaker database.  Though best used sparingly, they can be employed in a multitude of different ways, for example;  as a splash screen at login, during scripted processes to control user input, as pick…
Problem: You have a hosted FileMaker database and users are tired of having to use Open Remote or Open Recent to access the database. They say, "can't you just give us something to double-click on rather than have to go through those dialogs?" An…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now