Security Guide

8. Test your security measures
It is important to test all scenarios to make sure user accounts are working as expected with all
sharing technologies.
For example:
- Open the file using different user accounts and test each privilege set that you create. Make sure
  the restrictions work as planned, and make any needed corrections to your privilege sets.
- Test navigation and scripts with all user accounts. Because accounts might have different
  privileges, consider that access to some features, like layouts, tables, and script steps, might not
  work for all users.
- If users are accessing your databases in a variety of ways, for example, on the web with Instant Web
  Publishing, XML, or JDBC, test accounts from those technologies as well.
- If you’re publishing files on the web, open scripts and enable Indicate Web Compatibility to ensure
  that all steps are supported. If your scripts contain steps that are not web-compatible, the Allow
  User Abort script step determines how subsequent steps are handled. For more information, see
  the FileMaker Instant Web Publishing Guide, located in the Electronic Documentation folder
  (inside the English Extras folder).
- Test for unexpected results. For example, open files with different user accounts and attempt to
  perform actions that users are not authorized to perform. Consider removing access to privilege
  sets where possible.
- Recruit other developers to try to access your data inappropriately.
- Run tests periodically, not just during development, but after deployment as well.
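One way to organize the tests in step 8 is an expected-versus-observed matrix over accounts, access technologies, and actions. This is an added example, not FileMaker code: the accounts, action names, and the `simulated_attempt` probe are constructed, and a real probe would perform each action through the actual client.

```python
from itertools import product

# Constructed policy: privilege set -> actions that should succeed.
EXPECTED = {
    "Data Entry Only": {"view_record", "edit_record"},
    "Read-Only Access": {"view_record"},
}
ACCOUNTS = {"clerk": "Data Entry Only", "auditor": "Read-Only Access"}
ACTIONS = ["view_record", "edit_record", "delete_record", "run_admin_script"]
CHANNELS = ["FileMaker Pro", "Instant Web Publishing", "XML", "JDBC"]


def audit(accounts, expected, actions, channels, attempt):
    """Try every action for every account over every channel.

    attempt(account, channel, action) -> bool is supplied by the tester and
    reports whether the action actually succeeded.
    """
    findings = []
    for (account, pset), channel, action in product(
            accounts.items(), channels, actions):
        should_work = action in expected[pset]
        did_work = attempt(account, channel, action)
        if did_work and not should_work:
            # Negative test failed: the restriction is not enforced.
            findings.append(("OVER-PRIVILEGED", account, channel, action))
        elif should_work and not did_work:
            # Positive test failed, e.g. a script step unsupported on the web.
            findings.append(("BROKEN", account, channel, action))
    return findings


def simulated_attempt(account, channel, action):
    """Hypothetical stand-in for a real client, with two constructed flaws."""
    if (account, channel, action) == ("auditor", "XML", "edit_record"):
        return True    # flaw 1: read-only account can edit over XML
    if (account, channel, action) == ("clerk", "Instant Web Publishing",
                                      "edit_record"):
        return False   # flaw 2: editing fails on the web for a valid user
    return action in EXPECTED[ACCOUNTS[account]]


if __name__ == "__main__":
    for finding in audit(ACCOUNTS, EXPECTED, ACTIONS, CHANNELS,
                         simulated_attempt):
        print(*finding, sep=" | ")
```

Rerunning the same matrix after deployment, and whenever a privilege set changes, gives the periodic test the list above calls for.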
9. Assess, iterate, and improve security measures
It's important to take an iterative approach to security. For example, when new users access the
database, you should re-evaluate the appropriate level of access to the data itself and the database
structure, depending on the new users' job duties or roles in a company.
Ask yourself the following questions before developing a FileMaker Pro database, and on an
ongoing basis, as the files change over time:
- What is valuable?
- Why is it valuable?
- How valuable is it?
- How damaging would its loss or disclosure be?
- What is the minimum level of security to prevent loss or disclosure?
- What tools can I use to implement that security?
To assess security, enable log files in FileMaker Pro and FileMaker Server and review users’
actions. You can also track actions if you include scripts and calculations that capture the user’s
account name, password, and IP address.