Jump to content

Welcome the ORIGINAL FileMaker Community

Take a moment to join us, no noise, all FileMaker...We Promise

wedgeman

Can AppleScript ->terminal commands be sniffed out/logged somehow?

Recommended Posts

wedgeman

We have a licensing model which includes AES256 encryption (as well as a hashing option), to enable on-the-fly public/private key models.

 

For several reasons, this is running in FMPA 13 and FMPA14 (and it'll have to stay that way for sometime, for various reasons).

 

Currently, we use Applescript to pass various fields and calculations into openssl for encryption, along with salt and a password.

 

However, it vexes me that perhaps AppleScript commands may be discovered, as they are being passed into Terminal, and may be captured via a bash log of some sort (thereby circumventing the entire encryption model).

 

Is this simply unfounded paranoia, or is there any documentation as to any security concerns with this?

 

Is there an expert in this area who would know, and/or is there any documentation regarding this?

Edited by wedgeman

Share this post


Link to post
Share on other sites
Ross MacLane

This does not answer your question but there may be possible work around...In FIleMaker 16 you can use the use the CryptEncrypt function to encrypt data using the AES-GCM authenticated encryption algorithm at the 128-bit level. The returned file includes an encrypted SHA256 digest of data, which is used to validate the data during decryption.

 

Format

 

CryptEncrypt(data;key)

 

 

Parameters

 

data - any text expression or field to encrypt.

key - any text expression or field as the key to encrypt data with.

 

 

Data type returned

 

container

 

 

 

To ease your concerns, you might want to see if this function works in 13-14, I am not sure. If it does work you can get rid of AppleScript. If not you can upgrade to 16. HTH

Share this post


Link to post
Share on other sites
wedgeman

Thanks. Yes, i'm aware of FMP16's built-in encryption options.

 

As mentioned previously, we will be remaining in 13-14.

We have previously considered this and tested it. Unfortunately, it is an unrecognized function within FMP13 and 14.

 

I'm really looking for some definitive knowledge as to whether or not there is a way to 'hide' Applescript Terminal commands from bash history logs...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×