Security Guide
Table Of Contents
- Chapter 1 About database security
- Chapter 2 Security “Top 10” list
- 1. Ensure physical security
- 2. Ensure operating system security
- 3. Establish network security
- 4. Devise a plan for securing your databases
- 5. Restrict data access with accounts and privilege sets
- 6. Back up databases and other important files
- 7. Install, run, and upgrade anti-virus software
- 8. Test your security measures
- 9. Assess, iterate, and improve security measures
- 10. Upgrade to FileMaker Pro 7 and FileMaker Server 7 for security enhancements
- Chapter 3 Build security into your solutions
Build security into your solutions
• Wherever possible, assign a unique password for each user. If you must share user accounts, be
sure to change the password regularly.
• Do not record your passwords in a master file or list unless the file or list is well secured.
• Do not share user accounts with other users; users should only receive account names and
passwords from file administrators.
Considerations when hosting files with FileMaker Server
Keep the following points in mind when hosting databases with FileMaker Server:
• If you enable remote access, be sure to require a password. See the FileMaker Server online Help
for more information.
• Store FileMaker Pro files on a local server (not on network directories). One of the most
important performance factors is reading and writing data quickly to disk.
• Disable file sharing or ensure that files hosted by FileMaker Server cannot be accessed directly
by users. If a FileMaker Pro file can be copied from a file server, it is vulnerable to attack
“off line.” For example, group names for accounts authenticated with the external server feature
are stored as text strings. If the group name is reproduced on another system, the copied file can
be accessed with the privilege set assigned to the members of the group, which might expose data
inappropriately. For more information, see “Security enhancements in FileMaker Server 7” on
page 15.
• Suppressing a filename in the Open Remote dialog box or on the Instant Web Publishing Database
Homepage is not a replacement for using accounts and privileges to protect a file.
• FileMaker Server command line interface (CLI) commands can include account names and
passwords. Make sure that unauthorized users cannot view passwords that are part of CLI
commands typed onscreen. To limit access to script files and batch files that contain CLI
commands with passwords, use the file ownership and permissions features of your operating
system.
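One way to apply the last point on a UNIX-like host, as an added example that is not FileMaker's own code: find script files that embed a password and are still accessible to group or other accounts, then restrict them to their owner. The directory, the match pattern and the sample command line in the comment are assumptions, not FileMaker Server syntax.

```shell
#!/bin/sh
# Added example (not from the guide). Assumptions: admin scripts live under
# one directory, and a file "contains a password" when it matches an
# extended regular expression supplied by the caller, for instance the
# constructed pattern ' -p [^ ]+' for a placeholder command such as
#   admin_tool -u admin -p s3cret close db

# audit_scripts DIR PATTERN
# Print each regular file under DIR that matches PATTERN and has any
# group or other permission bit set.
audit_scripts() {
    find "$1" -type f \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec grep -l -E -e "$2" {} \;
}

# lock_down DIR PATTERN
# Remove all group and other access from every file audit_scripts reports.
# Owner bits are left alone, so an executable script stays executable.
# Changing the owner itself (chown) needs administrator rights and is
# deliberately not attempted here.
lock_down() {
    audit_scripts "$1" "$2" | while IFS= read -r f; do
        chmod go-rwx "$f" && printf 'restricted: %s\n' "$f"
    done
}

# Stand-alone use: report only, change nothing.
#   sh audit.sh /path/to/scripts ' -p [^ ]+'
if [ $# -eq 2 ]; then
    audit_scripts "$1" "$2"
fi
```

Run the audit first and review the list before calling `lock_down`, since a scheduled task running under a different account will lose access to any script it restricts.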
Web publishing security considerations
FileMaker Pro software enables you to publish databases to your intranet or the Internet, so that
users can browse, search, and update the databases using web browser software. This introduces
more risk than sharing files with other FileMaker Pro clients.
Tips and considerations when designing databases for web publishing
1. Define accounts and privilege sets.
• Protect all files with user names and passwords. You can use the Guest account, which logs
in with a default user name and password, if it’s not practical to use unique accounts for
clients. However, this makes your file available to anyone who has the IP address or domain
name of the computer hosting the database.
• Assign privileges to modify data and database structure only if necessary.