Obfuscation
From Wikipedia: In software development, obfuscation is the deliberate act of creating obfuscated code, i.e., source or machine code that is difficult for humans to understand.
As a developer, your job is to give access to information on a need-to-know basis to users. In FileMaker we have different tools for hiding elements. We can hide a lot of objects from users including but not limited to:
- Data
- Layouts
- Scripts
- Tab panels
- Toolbar
- Menu Items
One tool that has been available in web development is the ability to hide data in a field easily. FileMaker developers had to do some hacking to be able to hide the characters of a password. One way of doing that was to replace the characters one by one with a bullet. Here’s a link to one such method:
In HTML, “hidden“ is a value of input type, just “button” or “checkbox”. In FileMaker 15, we have a new menu item in “Control style” (aka input) called “Concealed edit box” as shown in Figure 1.
What it does is it visually hides anything you type in that field, so once you’ve entered data it will be unreadable by humans as shown in Figure 2.
One use case I see for this feature is to use it in Web Direct: it gives us the ability to allow users to create their own accounts from the web (with a certain, pre-defined privilege set.) Once you’ve logged a user in automatically with a “Guest” account, you can direct the user to a login/create account screen in FileMaker.
Caveats, Things to Pay Attention To
This sounds really great. Your data is not secure, however. It is only hidden from the user’s eyes on the layout. So this feature is not a security feature in FileMaker. If you want to hide some data from your users, I still recommend using the built-in security (record level) features (Manage/Security).
Here are some ways unwanted hands might be able expose the data:
- Place the field on the layout and change the Control style to “edit box” you will reveal the content;
- Copy the field’s content or set fields with it in a script;
- Add the field to Table View;
- Use a calculation such as GetField( “fieldname”) in the Data Viewer to expose the contents of the field; and
- Use a Script step such as SetField (FieldToSet ; DataToSet) to expose the contents of the field.
The bullet count does not match the character count, so even if you have 200 characters you will only see 8 bullets.
You can use Conditional Formatting to format the bullets to your heart’s content. You can use those crazy security measures banks and other institutions use on their web site and show the bullets in red if the input doesn’t meet them.
Security
I would not recommend storing passwords in a database. If you have to allow your users to create passwords, I would make they type the password into a global field on the layout that you empty once you added the account with the password in Security.
Additional Ideas
Just for fun, there are a few plug-ins, that have the ability to encrypt text. A few of these are MBS and BaseElements Encrypt AES. You can encrypt the data in a field with the use of a key word. You could store the key in another database and link to it via ID, encrypt your password, then delete the password. You can always decrypt the information with the key.
The standard practice, however is to just simply reset the user’s password or allow them to reset it themselves.
Download the Demo
Note: The demo file downloads the MBS plug-in so you can test the encryption.
Watch our videos for more FileMaker tips and techniques:
