Security Guide
Table Of Contents
- Chapter 1 About database security
- Chapter 2 Security “Top 10” list
- 1. Ensure physical security
- 2. Ensure operating system security
- 3. Establish network security
- 4. Devise a plan for securing your databases
- 5. Restrict data access with accounts and privilege sets
- 6. Back up databases and other important files
- 7. Install, run, and upgrade anti-virus software
- 8. Test your security measures
- 9. Assess, iterate, and improve security measures
- 10. Upgrade to FileMaker Pro 7 and FileMaker Server 7 for security enhancements
- Chapter 3 Build security into your solutions
Build security into your solutions 21
8. Do not store database files or any sensitive data in the FileMaker Pro Web folder (or sub-
folders).
9. Enable log files to track the IP address of users who are accessing your web published files (as
well as the date and time of requests, and other options).
10. With FileMaker Pro, you can limit access to users who use an IP address that you specify in
advance. When hosting files with FileMaker
Server, you can set limitations on client IP
addresses in the web server application.
11. If you are hosting web-published databases with FileMaker Server, you can use additional
security measures like SSL encryption that may be available with your web server application.
For more information, see
“Using Secure Sockets Layer (SSL) security for web publishing” on
page 23. You can also disable the web publishing technologies that you are not using. For more
information, see the FileMaker Server Web Publishing Installation Guide.
12. If you are hosting web-published databases with FileMaker Server, the Web Publishing Engine
uses certain ports and protocols to communicate with FileMaker Server and your web server.
You may have to open ports or allow protocols on your host computers and firewalls. For more
information, see the
FileMaker Server Web Publishing Installation Guide.
13. If you are hosting databases with FileMaker Server and using Custom Web Publishing with
XML, you can test your security from a web browser to see which elements might be exposed:
• To view the names of the databases that are published on the web with XML, enter this
address in your browser:
http://<ip:port>/fmi/xml/fmresultset.xml?-dbnames
• To view databases published on the web with XSLT, enter this address:
http://<ip:port>/fmi/xsl/stylesheet_name.xsl?-grammar=fmresultset&-dbnames
Select Indicate web compatibility to dim script steps that are not web-compatible