Security Guide
Table Of Contents
- Chapter 1 About database security
- Chapter 2 Security “Top 10” list
- 1. Enhance physical security
- 2. Enhance operating system security
- 3. Establish network security
- 4. Devise a plan for securing your databases
- 5. Restrict data access with accounts and privilege sets
- 6. Back up databases and other important files
- 7. Install, run, and upgrade anti-virus software
- 8. Test your security measures
- 9. Assess, iterate, and improve security measures
- 10. Upgrade to FileMaker Pro 8 and FileMaker Server 8 for security enhancements
- Chapter 3 Build security into your solutions
• Review settings for remote access, such as file sharing and FTP, to ensure that direct access to
upload or download files from the host computer is restricted in a manner that prevents
inappropriate access to your files.
• When you host a FileMaker Pro database using TCP/IP, you might be allowing uninvited visitors
access to your host computer and internal network. A firewall is essential to separate your
network and protect files “behind the firewall,” which prevents users on the outside of the
firewall from accessing any TCP/IP addresses that you have not exposed.
Web server security
The web server application performs the critical task of processing and fulfilling requests for data
when you publish databases, images, and other content on the web. When users enter a web address
into their browser, they are requesting the web server software at that address to locate data or an
image and download it to their computer, where it can be displayed in their browser. To protect the
integrity of this process, your web server has its own security mechanism.
If you host databases with FileMaker Server Advanced, use a third-party web server application
such as Microsoft Internet Information Server (IIS) or Apache HTTP Server to publish files on the
web. You can take advantage of additional security features, like SSL encryption, to transport data
from the host to the web clients more securely.
Use encryption or VPNs to protect data
Consider using encryption and VPNs (Virtual Private Networks) to protect your databases on a
TCP/IP network. Encryption is the process of manipulating data (clear text) such that the result
(cipher text) can be understood only by certain applications.
You can protect data by:
• Setting up a secure VPN to encrypt some (or all) of your network traffic as it travels across a
Wide Area Network (WAN).
• Hosting databases with FileMaker Server Advanced and configuring SSL encryption in the web
server application.
• Combining the above.
Using Secure Sockets Layer (SSL) security for web publishing
The SSL protocol is a standardized method for allowing encrypted and authenticated
communication between web servers and clients (web browsers). SSL encryption is only available
to databases hosted with FileMaker Server Advanced, and is enabled in the web server application,
such as Microsoft Internet Information Server (IIS) or Apache HTTP Server by the Apache Group.
SSL encryption converts information exchanged between servers and clients into unintelligible
information through the use of mathematical formulas known as ciphers. These ciphers are then
used to transform the information back into understandable data through encryption keys.
For information on enabling and configuring SSL, review the documentation that accompanies your
web server.
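The following is an added example, not taken from the FileMaker documentation, of what enabling SSL in the web server application can look like. It assumes Apache HTTP Server 2.4 with mod_ssl loaded; the host name db.example.com and the certificate paths are placeholders, and no FileMaker-specific web publishing settings are shown.

```apache
# Added example: assumes Apache HTTP Server 2.4 with mod_ssl loaded.
# db.example.com and the /path/to/... files are placeholders.

# Plain-HTTP listener: serves no content and only redirects to HTTPS,
# so published database pages are never sent as clear text.
<VirtualHost *:80>
    ServerName db.example.com
    Redirect permanent / https://db.example.com/
</VirtualHost>

# Encrypted listener: all published content is served from here.
<VirtualHost *:443>
    ServerName db.example.com

    # Turn on SSL/TLS for this virtual host.
    SSLEngine on

    # Server certificate (authenticates the server to the browser)
    # and its private key. The key file should be readable only by
    # the account that starts the web server.
    SSLCertificateFile    /path/to/server-cert.pem
    SSLCertificateKeyFile /path/to/server-key.pem

    # Weak setting, shown for comparison only: leaves every protocol
    # version the TLS library supports enabled, including old ones.
    # SSLProtocol all

    # Corrected setting: refuse SSLv3, TLS 1.0 and TLS 1.1.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Exclude anonymous (unauthenticated) and outdated cipher suites.
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
</VirtualHost>
```

After editing, `apachectl configtest` checks the syntax before the server is restarted.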