Security Guide

FileMaker Security Guide
To view the fields for a record in your database, enter this address in your browser:
http://<ip:port>/fmi/xml/fmresultset.xml?-db=dbname&-lay=layoutname&-findany
To view the script names in a database, enter this address in your browser:
http://<ip:port>/fmi/xml/fmresultset.xml?-db=dbname&-scriptnames
To view the layout names in a database, enter this address in your browser:
http://<ip:port>/fmi/xml/fmresultset.xml?-db=dbname&-layoutnames
For information on query commands and parameters, see the FileMaker Server Custom Web
Publishing Guide.
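The following Python script is an added example, not part of the FileMaker guide: it scans web server access log lines for the three XML query commands shown above and flags the ones that were answered successfully without an authenticated user. The combined log format, the function and field names, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query commands shown on this page that reveal fields, script names or layout names.
WATCHED = ("-findany", "-scriptnames", "-layoutnames")

# Assumed log format: Apache-style "combined" access log.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse_line(line):
    """Return a finding dict for a watched XML query, or None for any other line."""
    m = LINE_RE.match(line)
    url = urlsplit(m.group("target")) if m else None
    if url is None or not url.path.lower().startswith("/fmi/xml/"):
        return None
    # keep_blank_values: commands such as -findany carry no "=value" part.
    params = parse_qs(url.query, keep_blank_values=True)
    commands = [c for c in WATCHED if c in params]
    if not commands:
        return None
    user, status = m.group("user"), int(m.group("status"))
    return {
        "client": m.group("client"),
        "user": user,
        "db": params.get("-db", ["?"])[0],
        "commands": commands,
        "status": status,
        # Assumption: the web server logs "-" when no user authenticated,
        # so a 2xx reply with user "-" was served without a login.
        "anonymous_ok": user == "-" and 200 <= status < 300,
    }

def scan(lines):
    return [f for f in map(parse_line, lines) if f]

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /fmi/xml/fmresultset.xml?-db=dbname&-layoutnames HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /fmi/xml/fmresultset.xml?-db=dbname&-scriptnames HTTP/1.1" 401 0',
    '198.51.100.7 - webuser [01/Jan/2024:10:01:00 +0000] "GET /fmi/xml/fmresultset.xml?-db=dbname&-lay=layoutname&-findany HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with anonymous_ok set to True point to a database whose layout, script, or record data is readable without a login, which is the first thing to close off.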
Protecting your databases from web-based attacks
Start by reviewing the security procedures explained in this document. Your host computer is both
your connection to the outside world and, if unprotected, the outside world’s connection to your
internal network. Verify the following:
• For web-shared solutions, especially on the Internet, consider configurations with two (or more)
  computers separating the database from the web publishing components, firewalls, SSL, and
  other standard Internet technologies. This protects access to your files and protects the
  communication between web users’ browsers and the server.
• Review settings for remote access, such as file sharing and FTP, to ensure that direct access to
  upload or download files from the host computer is restricted in a manner that prevents
  inappropriate access to your files.
• When you host a FileMaker Pro database using TCP/IP, you might be allowing uninvited visitors
  access to your host computer and internal network. A firewall is essential to separate your
  network and protect files “behind the firewall”; it prevents users on the outside of the
  firewall from accessing any TCP/IP addresses that you have not exposed.
Web server security
The web server application performs the critical task of processing and fulfilling requests for data
when you publish databases, images, and other content on the web. When users enter a web address
into their browser, they are requesting the web server software at that address to locate data or an
image and download it to their computer, where it can be displayed in their browser. To protect the
integrity of this process, your web server has its own security mechanism.
If you host databases with FileMaker Server, use a third-party web server application such as
Microsoft Internet Information Server (IIS) or Apache HTTP Server to publish files on the web.
You can take advantage of additional security features, like SSL encryption, to transport data from
the host to the web clients more securely.
Use encryption or VPNs to protect data
Consider using encryption and VPNs (Virtual Private Networks) to protect your databases on a
TCP/IP network. Encryption is the process of manipulating data (clear text) such that the result
(cipher text) can be understood only by certain applications.