« MBS FileMaker Plugin … | Home | 18 years since MBS Fi… »

Things learnt about FileMaker

Going to a FileMaker conference teaches you a lot of things. You talk with a lot of experienced developers and enjoy some great presentations. Let's think about a few I remember:

PSoS vs. job queue

The call to PSoS takes time to start the session, open files, load schema, run open and close script triggers. It can be quicker to use a job queue table and run one script server side to check every few seconds if the queue has new entries and trigger scripts to process the jobs. This script just pauses most of the time and still is very responsible.

More OData

Claris looks into improving their OData support for the next releases. And then eventually the ODBC/JDBC support will internally go through OData to provide connectivity for older systems, that can't yet do OData.

Start find mode

If you do "Go To Layout" and then "Enter Find Mode", consider doing the find mode first, before you switch the layout. That may be a bit quicker as it avoids the full layout loading in the first place.

Disable print/export privileges

In privileges you may want to disable printing and export for your normal users. If the user can print or export, they can just dump all your data into a CSV or PDF file and leak it. If you need them to print (or export), use a sub script with full access and let it do the print or export command. This way you can control what can be printed or exported and limit it to reasonable amounts.

PSoS with Callback resumes

PSoS with Callback has a waiting time of 10 minutes to deliver the callback. If the client calling PsoS with Callback disconnects or crashes, the callback doesn't get delivered. Unless of course it reconnects within these 10 minutes and then the callback script may execute.

Proactive Recover

Regularly take a copy of the databases and run recover on them. Just to see what FileMaker says about it. You may have unknown issues in the databases and eventually the file won't open in the future. Recovering to check and then if needed actually recover the file in production to fix an issue it found. It helps to regularly run DDR or Save as XML and archive them, so you can compare what changed over time.

Globals are public

Don't store secret values in global variables. Don't assume people can't figure out a variable name and just query it somewhere with a Let statement inserted in a calculation. And that could be a field somewhere whose content is sent to Evaluate() somewhere.

Layout calculations in English please

Speaking of calculations. Layout calculations should for the time being always written in English. Because they are stored as text internally, the execute just like Evaluate() does. And evaluate can run expressions always in English and additionally in whatever language the user uses. But if I enter my calculation in German and run it on a French system, it would not work. One of the next FileMaker releases will change this to store calculations as parsed tokens, so they run everywhere.

Store passwords hashed, salted

If you need to store login credentials for some other service in your database, consider encrypting individual values and using a random UUID per record as a salt to the encryption, so each record has it's unique encryption key.

Next if you store user name and password, consider storing them in two different tables. Don't connect them directly with a relationship. Have an UUID in the first table. To find the matching password, require doing a salted hash of that UUID and then finding the hash in the second table. This way if someone can read both tables, they have no clue what belongs to each other.

Consider filling both table above with 10000 randomly generated users and passwords to make it a bit more difficult for anyone who gets your database dumped. If someone would try passwords with usernames, they would have an awful more combinations.

Android via Xojo

A few people saw I also make plugins for Xojo. Since Xojo can do Android apps, you can use it to make such an app if you need one and have it talk to FileMaker Server via Data API or OData.

There was probably more, but you can't remember everything. Except that one speaker started with telling us, that we forget half of what he said within an hour or so... Please join one of the conferences to be there yourself.

Claris FileMaker Plugin
07 09 24 - 05:25