Security Guide
Table Of Contents
- Chapter 1 About database security
- Chapter 2 Security “Top 10” list
- 1. Ensure physical security
- 2. Ensure operating system security
- 3. Establish network security
- 4. Devise a plan for securing your databases
- 5. Restrict data access with accounts and privilege sets
- 6. Back up databases and other important files
- 7. Install, run, and upgrade anti-virus software
- 8. Test your security measures
- 9. Assess, iterate, and improve security measures
- 10. Upgrade to FileMaker Pro 7 and FileMaker Server 7 for security enhancements
- Chapter 3 Build security into your solutions
XML considerations
XML and XSLT stylesheets are becoming the industry standard for the access, distribution, and
presentation of data. With the Custom Web Publishing feature in FileMaker Server, XSLT
stylesheets can be used to filter and transform XML data. This can be used to remove or modify
meta-data in XML files sent to web users (for example, to hide field names) or to statically define
query string parameters (such as database and layout name values) to prevent them from being
exposed to or modified by web users. For more information, see the FileMaker Server Custom Web
Publishing Guide.
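As an added example (not taken from the FileMaker guide), the stylesheet below shows the field-name hiding described above. It assumes the source XML uses the FMPXMLRESULT grammar; the output element names records, record and value are hypothetical.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not FileMaker's own code.
     Constructed sample input (abridged), FMPXMLRESULT grammar assumed:
       <FMPXMLRESULT xmlns="http://www.filemaker.com/fmpxmlresult">
         <DATABASE NAME="Payroll" LAYOUT="Staff" RECORDS="2"/>
         <METADATA>
           <FIELD NAME="FullName" TYPE="TEXT"/>
           <FIELD NAME="Department" TYPE="TEXT"/>
         </METADATA>
         <RESULTSET FOUND="1">
           <ROW RECORDID="17" MODID="3">
             <COL><DATA>Pat Example</DATA></COL>
             <COL><DATA>Finance</DATA></COL>
           </ROW>
         </RESULTSET>
       </FMPXMLRESULT>
     Output element names below are hypothetical. -->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:fmp="http://www.filemaker.com/fmpxmlresult"
    exclude-result-prefixes="fmp">

  <xsl:output method="xml" encoding="UTF-8" indent="yes"/>

  <!-- Build the response from scratch instead of copying the source tree.
       DATABASE (database and layout names) and METADATA (field names and
       types) are never selected, so they cannot reach the web user. -->
  <xsl:template match="/fmp:FMPXMLRESULT">
    <records>
      <xsl:apply-templates select="fmp:RESULTSET/fmp:ROW"/>
    </records>
  </xsl:template>

  <!-- One neutral element per row; RECORDID and MODID are not copied. -->
  <xsl:template match="fmp:ROW">
    <record>
      <xsl:for-each select="fmp:COL">
        <!-- Values are identified by position only, not by field name.
             Only the first DATA child of each column is emitted. -->
        <value><xsl:value-of select="fmp:DATA[1]"/></value>
      </xsl:for-each>
    </record>
  </xsl:template>

  <!-- Safety net: stray text or attributes produce no output. -->
  <xsl:template match="text()|@*"/>
</xsl:stylesheet>
```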
Note: Data formatted as XML is essentially text. This means that it can potentially be intercepted
and read unless appropriate means are used to encrypt it. Whenever you are broadcasting data with
TCP/IP and hosting databases with FileMaker Server, you should use SSL encryption in the web
server application. This blocks “packet sniffer” applications, which monitor network traffic and
might be capable of extracting FileMaker Pro data.
Important: Never enable any extended privileges unless it is necessary.
Considerations for Apple events and ActiveX
FileMaker Pro can process commands from Apple events in the Mac OS or from ActiveX in
Windows. This can yield unexpected results, for example, if an external script times out and does
not process the next command.
Whenever introducing third-party technology, test all scripts and user scenarios thoroughly.