For the past six months or so, the FileMaker community has again been deluged with numerous examples of ersatz and artificial security systems that purport to manage Accounts, set privileges, control access, and perform other functions found with the province of the built-in FileMaker Pro security system.
In my judgment and from my experience, such ersatz systems are fraught with vulnerabilities. They give the appearance of security, but they in fact introduce a realm of vulnerabilities into a given FileMaker Pro solution.
Generally speaking, security systems are designed to protect the Confidentiality, Integrity, and Availability (CIA) of data and business process in a file as well to protect developer intellectual property. Items that impinge on CIA or that introduce methods to compromise CIA are–by their definition–security vulnerabilities. Developers and Administrators must assess on a case by case basis the likely risk level attached to a specific threat and the likely impact of any breach on the data, operations, corporate reputation, or people in an organization.
Generally speaking, these ersatz systems work to undermine and to defeat security.
Read more, including specific descriptions of vulnerabilities at http://fmforums.com/forum/showtopic.php?tid/180727/ or http://tinyurl.com/rbo5c.
Recent Comments