Security Guide
Table Of Contents
- Chapter 1 About database security
- Chapter 2 Security “Top 10” list
- 1. Enhance physical security
- 2. Enhance operating system security
- 3. Establish network security
- 4. Devise a plan for securing your databases
- 5. Restrict data access with accounts and privilege sets
- 6. Back up databases and other important files
- 7. Install, run, and upgrade anti-virus software
- 8. Test your security measures
- 9. Assess, iterate, and improve security measures
- 10. Upgrade to FileMaker Pro 8 and FileMaker Server 8 for security enhancements
- Chapter 3 Build security into your solutions
16 FileMaker Security Guide
• You can enable and disable specific extended privileges, such as Instant Web Publishing, XML,
and XSLT for the Web Publishing Engine. For example, if you know that all files on one server
will be shared with Instant Web Publishing, you can disable all other types of web publishing.
Even if a file includes extended privileges that allow access to XML data, access to XML data
is not available while the file is hosted with that Web Publishing Engine. For more information,
see the
FileMaker Server Advanced Web Publishing Installation Guide.
• If your organization uses centrally managed authentication for users and groups such as Apple
OpenDirectory or a Windows Domain, you can set up accounts that authenticate users based on
your authentication server. This allows you to use your existing authentication server to control
access to databases without having to manage an independent list of accounts in each FileMaker
Pro database file. For more information on authenticating accounts with external servers, see the
FileMaker Server Help.
Important When a database file contains one or more External Server accounts, make sure you
use operating system security settings to limit direct access to the file. Otherwise, it might be
possible for an unauthorized user to move the file to another system that replicates your
authentication server environment and gain access to the file. Group names for accounts
authenticated with the external server feature are stored as text strings. If the group name is
reproduced on another system, the copied file can be accessed with the privilege set assigned to
the members of the group, which might expose data inappropriately.
• Enable log files and file backup features for effective, easy database maintenance.