From Dwayne Wright PMP
Certified FileMaker Developer
Without a doubt, the most secure FileMaker solution is the one that is ...
- never created
- never opened
- has no scripts, layouts, fields or relationships
- not on a computer that is on a network
- only on a computer in a locked room guarded 24 / 7 by secret agents
What an odd way to start a discussion about FileMaker security but I do want to make a point. As you build, use and add features to a FileMaker solution, you will likely introduce some security risk. These new risks are not just for the FileMaker database situation. If anything, it is one of the natural laws of computer systems in the times in which we live. Any file that is designed to be opened on a computer system can probably be comprised by someone that is determined to do so.
Any security measure I describe can likely be defeated. The good news is that although every security measure you put into place could be defeated by that “special” person, hopefully they do not work inside of your company. The vast majority of FileMaker users know about as much about cracking a master password as they do about brain surgery. I also find that most FileMaker users are not that interested in cracking, hacking or doing damage. They just want to do their job, do it well and go home to their families.
You, the FileMaker developer, are responsible to take all reasonable steps for designing the security of the FileMaker based system you put into place. If you have to do it alone, you have less of a chance to be successful. To have a very secure solution, you will need to have the support of the application program, your supervisors, your fellow employees and your FileMaker developer friends. By FileMaker friends, I’m talking about the FileMaker mailing lists. They are a great source of information!
Will your solution or can your solution be perfect, uncrackable and withstand any challenge that could come before it? No, it cannot. Can you design a reasonably secure system that meets most business needs for years to come? The answer to that is “we will see.”
You will never be done securing your database solution. So the ultimate tool in your security scheme is you. Monitoring access, data auditing, testing the electric fences and looking at latest security discussions are always part of the issue.
More info about the author and FileMaker in general, contact me at firstname.lastname@example.org.
© 2007 - Dwayne Wright - dwaynewright.com
The material on this document is offered AS IS. There is NO REPRESENTATION OR WARRANTY, expressed or implied, nor does any other contributor to this document. WARRANTIES OF MERCHANT ABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. Consequential and incidental damages are expressly excluded. FileMaker Pro is the registered trademark of FileMaker Inc.