Instant Web Publishing Guide
Table Of Contents
- Chapter 1 About publishing FileMaker Pro databases on the web
- Chapter 2 Publishing your database on the web
- Chapter 3 Working with FileMaker databases on the web
- Requirements for accessing FileMaker databases on the web
- Accessing a FileMaker database on the web
- Working with data in Instant Web Publishing
- Logging out of a database and closing a web session
- Displaying a database with the status area hidden
- Differences between FileMaker Pro and Instant Web Publishing
- Using external ODBC data sources in Instant Web Publishing
- Using external FileMaker data sources in Instant Web Publishing
- Chapter 4 Designing a database for Instant Web Publishing
- Tips for designing layouts for Instant Web Publishing
- Tips for working with data in a web browser
- General database design considerations
- Working with graphics, sounds, and movies on the web
- Setting the initial layout and view
- Hiding the status area to customize the interface
- Specifying the sort order for web users
- Web viewer design considerations
- FileMaker scripts and Instant Web Publishing
- Hosting databases with FileMaker Server Advanced: an overview
- Documenting your solution
- Chapter 5 Testing, monitoring, and securing your site
- Index
Chapter 5 | Testing, monitoring, and securing your site 40
Securing your data
When you publish a database, it is very important to determine who should have access to the
data and to control which tasks users can perform. For more information on securing your
database, see the FileMaker
Pro User’s Guide, available as a PDF file from
http://www.filemaker.com/documentation.
Keep these security considerations in mind when publishing databases on the web:
1 User accounts operate the same regardless of which technologies clients use to access your
files. For example, if you create an account that restricts access to deleting records, users who
access the database with that account name and password will not be able to delete records,
whether they access the data from a web browser, an ODBC data source, or another copy of
FileMaker Pro.
1 It’s safest to create a “web-only” database specifically for web publishing. Make sure the file
contains only the layouts, scripts, and field definitions that you want to expose to the public. For
more information, see the FileMaker Pro User’s Guide.
1 If web users access your files with multiple clients, consider providing them with multiple
accounts. For example, give them an account name and password with more limited access
when accessing the database from a web browser versus another copy of FileMaker
Pro.
1 When enabling Instant Web Publishing for individual files, assign accounts and privilege sets to
web users instead of providing access to all users.
1 If an account limits record-by-record browse privileges but does not limit the privilege to delete
records, it is possible for users to delete records they cannot view.
1 If the same account opens related files, the related data is displayed on layouts containing
related fields.
1 Instant Web Publishing uses the accounts and privilege sets defined in FileMaker Pro for the
best security. For more information, see the FileMaker Pro User’s Guide.
1 Never store sensitive documents or databases inside the Web folder. With FileMaker Pro, you
can put images to share with container fields or static HTML pages that you want to publish in
the Web folder inside the FileMaker Pro folder, but due to web server architecture, all files in
the Web folder are accessible and might be deleted by others.
1 Carefully review your scripts to make sure they are web compatible and that the combination
of steps don’t produce unexpected results. For more information, see
“FileMaker scripts and
Instant Web Publishing” on page 33.
1 As operating system vendors continue to patch security problems, they may disable certain
features, often in conjunction with security settings within the user’s web browser. Such
changes might disable or change the behavior of web viewers in Instant Web Publishing. If such
changes affect your solution, FileMaker recommends that you tell users how to change security
settings in their browsers to allow web viewers to function properly, or ensure that the URLs
used by your web viewers are for trusted web sites only.