Security Guide

FileMaker Security Guide
About wireless networks
802.11x wireless networking devices, also called “Wi-Fi” connections, are another security
vulnerability to be aware of. They include:
- a station (or the device with the 802.11x wireless access) such as a laptop
- an access point (wireless hub or bridge) that is the point of access to the network
- the Local Area Network itself
- an authentication server, a separate device that challenges clients when they attempt network
  connections
Radio frequency access to a network leaves it open to packet interception by any radio within range
of a transmitter. This enables intruders to connect through wireless protocols to corporate networks.
These intrusions can be made far outside the customary “working” range by using high-gain antennas.
For example, if FileMaker Server Advanced is hosting files, an intruder could access data if the files
lack sufficient user account security. An intruder who knows how a WAN controls access might be
able to gain access to the network, steal a valid computer address, and use its assigned IP address.
A typical approach is to wait until the valid computer stops using the network and then take over
its position in the network and gain access to all devices in the network or to the wider Internet.
Important: When assessing the physical security of your network, password-protect and encrypt your
wireless networking signals. Always use the maximum level of signal encryption available.
XML considerations
XML and XSLT stylesheets are becoming the industry standard for the access, distribution, and
presentation of data. With the Custom Web Publishing feature in FileMaker Server Advanced,
XSLT stylesheets can be used to filter and transform XML data. This can be used to remove or
modify meta-data in XML files sent to web users (for example, to hide field names) or to statically
define query string parameters (such as database and layout name values) to prevent them from
being exposed to or modified by web users. For more information, see the FileMaker Server
Advanced Custom Web Publishing Guide.
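The field-name hiding described above, sketched as an XSLT 1.0 stylesheet. This is an added example, not taken from the FileMaker guide. It assumes the source XML uses the fmresultset grammar; the field names Full_Name and City and the output element names are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Assumes fmresultset-grammar input; Full_Name, City and
     the output element names are hypothetical placeholders. -->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:fmrs="http://www.filemaker.com/xml/fmresultset"
    exclude-result-prefixes="fmrs">

  <xsl:output method="xml" encoding="UTF-8" indent="yes"/>

  <!-- Build the result from scratch instead of copying the source tree, so
       the product, datasource (database, layout, table names) and metadata
       (field definitions) elements never reach the web user. -->
  <xsl:template match="/fmrs:fmresultset">
    <contacts>
      <xsl:apply-templates select="fmrs:resultset/fmrs:record"/>
    </contacts>
  </xsl:template>

  <!-- Allowlist: only the fields named here are emitted, each under a public
       element name, so the internal field names stay on the server side.
       The record-id and mod-id attributes are not copied either. -->
  <xsl:template match="fmrs:record">
    <contact>
      <name>
        <xsl:value-of select="fmrs:field[@name='Full_Name']/fmrs:data"/>
      </name>
      <city>
        <xsl:value-of select="fmrs:field[@name='City']/fmrs:data"/>
      </city>
    </contact>
  </xsl:template>

  <!-- Default deny: override the built-in rule that copies text nodes, so
       input that does not match the templates above produces no output. -->
  <xsl:template match="text()"/>

</xsl:stylesheet>
```

Because the stylesheet selects fields by allowlist, a field added to the layout later is not exposed until someone adds it here on purpose.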
Note: Data formatted as XML is essentially text. This means that it can potentially be intercepted
and read unless appropriate means are used to encrypt it. Whenever you are broadcasting data with
TCP/IP and hosting databases with FileMaker Server Advanced, you should use SSL encryption in
the web server application. This defeats “packet sniffer” applications, which monitor network traffic
and might otherwise be capable of extracting FileMaker Pro data.
Important: Never enable any extended privileges unless it is necessary.
Considerations for Apple events and ActiveX
FileMaker Pro can process commands from Apple events in the Mac OS or from ActiveX in
Windows. This can yield unexpected results, for example, if an external script times out and does
not process the next command.
Whenever introducing third-party technology, test all scripts and user scenarios thoroughly.