Database Server security settings
Database Server security settings
Note  The following information is for server administrators.
To specify Database Server security settings, click the Database Server > Security tab.
Do this
Specify whether to authenticate access to hosted databases using an external server
In the Client Authentication section, select one of the following:
FileMaker accounts only: The user name and password are authenticated against the account name and password specified in the FileMaker Pro accounts of hosted databases.
FileMaker and external server accounts: The user name and password are authenticated against the account name and password specified in FileMaker Pro accounts or against an external server. The external server returns local and domain group accounts that the user belongs to, which are then authenticated against the group accounts specified in FileMaker Pro External Server accounts.
For information on creating accounts that authenticate via an external server, see FileMaker Pro Help.
Specify whether to filter the list of databases in the:
FileMaker Pro Launch Center
FileMaker Go Launch Center
FileMaker WebDirect Launch Center
Custom Web Publishing database list requests
In the File Display Filter section, select List only the databases each user is authorized to access to display only the databases for which the user has access privileges.
Encrypt the data passed between the Database Server and FileMaker clients by using a secure connection
In the SSL Connections section, select Use SSL for database connections.
When this setting is selected, all Database Server client connections use the Secure Sockets Layer (SSL), except ODBC and JDBC connections. See Securing your data.
Secure connections are slower because of data encryption. Data transfer rates are affected by the number of clients and the amount of data transferred.
This setting also encrypts progressive downloading of audio, video, or PDF files stored in an interactive container using HTTPS.
If you clear this setting, all Database Server client connections including progressive downloading are unencrypted and use HTTP.
To enable this setting, you should have a valid digital certificate installed. FileMaker Server provides a standard SSL certificate signed by FileMaker, Inc. that does not verify the server name. The FileMaker default certificate is intended only for test purposes. A custom SSL certificate is required for production use.
If you change this setting, stop and restart the FileMaker Server service (Windows) or FileMaker Server background processes (macOS). See Starting or stopping the FileMaker Server service (Windows) or Starting or stopping FileMaker Server background processes (macOS).
Create a certificate signing request (CSR)
Click Create Request.
Follow the instructions in Creating a certificate signing request.
Import an SSL certificate issued by a certificate authority
After selecting Use SSL for database connections, click Import Certificate.
Follow the instructions in Importing a custom SSL certificate.
View information about the SSL certificate currently installed
After selecting Use SSL for database connections, click View Certificate.
Allow web browsers restrict web clients to HSTS (HTTP Strict Transport Security) connections only
In the HTTP Strict Transport Security (HSTS) section, select Use HSTS for web clients. This setting applies to all clients whose communication is processed through the web server: FileMaker WebDirect, Custom Web Publishing, and Data API clients. It does not apply to FileMaker Pro and FileMaker Go clients.
When this setting is selected, web clients are restricted to HTTPS connections and cannot downgrade to HTTP connections. Once the web client has completed an HTTPS connection, the web browser prevents the client from using an HTTP connection.
If you clear this setting, web client communication may use unencrypted HTTP requests. (Web clients may need to clear the browser history, browser cache, and HSTS cache.)
Limit FileMaker Server to hosting only databases that require users to enter a password for Full Access privileges
In the Require Password-Protected Databases section, select Host password-protected databases only.
When this setting is enabled, you can only open databases with password-protected Full Access privileges for hosting. If you attempt to open a database that doesn’t require users to enter a password for Full Access privileges, an error message is written to Event.log and the database is not opened.
FileMaker Pro 15 and 16 check this setting when a FileMaker Pro user attempts to upload a database using the Upload to FileMaker Server menu item. When this setting is enabled:
FileMaker Pro 15 and 16 will not allow uploading of databases that have a Guest account using the Full Access privilege set, a Full Access account with an empty password, or a Full Access account with the password stored in the database using the File Options dialog box Log in using option.
FileMaker Pro 14 users can upload databases that are not password protected, but FileMaker Server 16 does not open them.