Security Guide
Table Of Contents
- Chapter 1 About database security
- Chapter 2 Security “Top 10” list
- 1. Ensure physical security
- 2. Ensure operating system security
- 3. Establish network security
- 4. Devise a plan for securing your databases
- 5. Restrict data access with accounts and privilege sets
- 6. Back up databases and other important files
- 7. Install, run, and upgrade anti-virus software
- 8. Test your security measures
- 9. Assess, iterate, and improve security measures
- 10. Upgrade to FileMaker Pro 7 and FileMaker Server 7 for security enhancements
- Chapter 3 Build security into your solutions
Chapter 3
Build security into your solutions
Developers and network administrators must assume the responsibility for managing security in the
design and deployment of their database files, and for managing security on a routine basis.
Restrict access with accounts and privilege sets
The primary way to protect your files is to define accounts and privileges in FileMaker Pro. It’s a
good practice to restrict access to every file, with an Admin password that only you know. This will
protect files if other security measures have been bypassed.
Important For information about how security settings in older databases convert to the current
version of FileMaker
Pro, see Converting FileMaker Databases from Previous Versions. See
FileMaker Help for detailed, comprehensive information and step-by-step procedures about using
account names, passwords, and privilege sets.
Accounts authenticate users who are attempting to open a protected file.
• Each account specifies an account name and (optimally) a password.
• Each database file contains two predefined accounts: Admin and Guest. The Admin account,
which should be renamed for better security, is assigned the Full Access privilege set. The Guest
account, which cannot be renamed, permits users to open a file without providing an account
name and password. By default, the Guest account is assigned the Read-Only Access privilege
set, but you can assign a different privilege set in Accounts and Privileges.
• For maximum security, create a unique account for each user.
Privilege sets specify a level of access to a database file. Each database file contains three
predefined privilege sets: Full Access, Data Entry Only, and Read-Only Access.
• Each account is assigned one privilege set, which determines the level of access when someone
opens a file using that account.
• You can create privilege sets to limit database access, such as which layouts and menus are
available and whether printing is permitted. Privilege sets can also restrict access to records or
fields from particular tables within a file.
Extended privileges determine the data sharing options that are permitted by a privilege set. You
can enable privileges to access files shared with a FileMaker network, via Instant Web Publishing,
Custom Web Publishing with XML or XSLT, from ODBC or JDBC clients, and FileMaker
Mobile.
All extended privileges are disabled by default.
Important For maximum security, create accounts that require user names and passwords for all
files. Take advantage of the new security features by requiring users to change passwords after a
specified duration and specifying a minimum character length for passwords.
Tips for restricting file access
• Avoid automatically logging in with an account name and password specified in the File Options
dialog box.