Security Guide
Table Of Contents
- Chapter 1 About database security
- Chapter 2 Security “Top 10” list
  - 1. Enhance physical security
  - 2. Enhance operating system security
  - 3. Establish network security
  - 4. Devise a plan for securing your databases
  - 5. Restrict data access with accounts and privilege sets
  - 6. Back up databases and other important files
  - 7. Install, run, and upgrade anti-virus software
  - 8. Test your security measures
  - 9. Assess, iterate, and improve security measures
  - 10. Upgrade to FileMaker Pro 8 and FileMaker Server 8 for security enhancements
- Chapter 3 Build security into your solutions
7. Install, run, and upgrade anti-virus software
Because most computers have Internet access, they are vulnerable to viruses being transmitted
through email attachments. Make sure all employees run anti-virus checking software regularly,
and that they are aware of typical virus warning signs. Employees should scan all files before
copying or downloading them to their computer, and they should never open unsolicited
attachments, even if they’re from someone they know.
Note: Do not run virus protection software on open, hosted databases. First, close the databases, then
run the virus protection software.
8. Test your security measures
It is important to test all scenarios to make sure user accounts are working as expected with all
sharing technologies.
For example:
• Open the file using different user accounts and test each privilege set that you create. Make sure
the restrictions work as planned, and make any needed corrections to your privilege sets.
• Test navigation and scripts with all user accounts. Because accounts might have different
privileges, consider that access to some features, like layouts, tables, and script steps, might not
work for all users.
• If users are accessing your databases in a variety of ways, for example, on the web with Instant Web
Publishing, XML, or JDBC, test accounts from those technologies as well.
• If you’re publishing files on the web, open scripts and enable Indicate Web Compatibility to ensure
that all steps are supported. If your scripts contain steps that are not web-compatible, the Allow
User Abort script step determines how subsequent steps are handled. For more information, see
the FileMaker Instant Web Publishing Guide, located in the Electronic Documentation folder
(inside the English Extras folder).
• Test for unexpected results. For example, open files with different user accounts and attempt to
perform actions that users are not authorized to perform. Consider removing access to privilege
sets where possible.
• Recruit other developers to try to access your data inappropriately.
• Run tests periodically, not just during development, but after deployment as well.
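The checklist above can be run as an access matrix: every account is tried against every action through every sharing technology, including the combinations that should be refused. The sketch below is an added example, not part of the FileMaker guide or product; the account names, action names, channel labels and the probe function are hypothetical, and the "deployed" data is constructed with two deliberate faults so the audit has something to find.

```python
from itertools import product

ACTIONS = ["view_records", "edit_records", "delete_records", "run_scripts"]
CHANNELS = ["client", "instant_web_publishing", "xml", "jdbc"]

# Intended design: actions each account's privilege set should allow (constructed).
EXPECTED = {
    "admin": {"view_records", "edit_records", "delete_records", "run_scripts"},
    "clerk": {"view_records", "edit_records", "run_scripts"},
    "guest": {"view_records"},
}

# Constructed stand-in for the deployed file: what each account can really do.
# Two deliberate faults: guest can edit over XML; clerk's scripts fail on the web.
DEPLOYED = {(acct, ch): set(allowed)
            for acct, allowed in EXPECTED.items() for ch in CHANNELS}
DEPLOYED[("guest", "xml")].add("edit_records")
DEPLOYED[("clerk", "instant_web_publishing")].discard("run_scripts")


def simulated_probe(account, channel, action):
    """Hypothetical probe. A real one would sign in as `account` through
    `channel`, attempt `action`, and return True if it succeeded."""
    return action in DEPLOYED[(account, channel)]


def audit(expected, probe, channels=CHANNELS, actions=ACTIONS):
    """Try every account/channel/action combination, including the ones that
    should be denied, and return the combinations that differ from the design."""
    findings = []
    for account, channel, action in product(sorted(expected), channels, actions):
        should_allow = action in expected[account]
        did_allow = probe(account, channel, action)
        if did_allow and not should_allow:
            findings.append(("OVER-PRIVILEGED", account, channel, action))
        elif should_allow and not did_allow:
            findings.append(("BROKEN", account, channel, action))
    # Over-privileged results are the security failures, so list them first.
    return sorted(findings, key=lambda f: f[0] != "OVER-PRIVILEGED")


if __name__ == "__main__":
    for kind, account, channel, action in audit(EXPECTED, simulated_probe):
        print(f"{kind:16} {account:6} via {channel:24} {action}")
```

Keeping the expected matrix under version control lets the same audit be rerun after deployment and whenever a privilege set changes.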
9. Assess, iterate, and improve security measures
It's important to take an iterative approach to security. For example, when new users access the
database, you should re-evaluate the appropriate level of access to the data itself and the database
structure, depending on the new users' job duties or roles in a company.
Ask yourself the following questions before developing a FileMaker Pro database, and on an
ongoing basis, as the files change over time:
• What is valuable?
• Why is it valuable?
• How valuable is it?