Securing your data
A Secure Sockets Layer (
SSL)
certificate, or root certificate, is a data file provided by a certificate authority (CA) that digitally identifies the sender, receiver, or both parties of a secure transaction. SSL certificates are installed on machines running FileMaker applications to provide secure connections between FileMaker Server and FileMaker
clients.
FileMaker Server provides a standard SSL certificate signed by FileMaker, Inc. that does not verify the server name. The FileMaker default certificate is intended only for test purposes. A custom SSL certificate is required for production use.
To secure your data, you can take advantage of several FileMaker Server features:
•After you have received a custom SSL certificate, to enable SSL connections between the
Database Server and FileMaker Pro and FileMaker Go clients, and between the Database Server and the
Web Publishing Engine, click the
Database Server >
Security tab and select
Use SSL for database connections. Then import the custom SSL certificate. See
Importing a custom SSL certificate. When this is option is not enabled, the interactive content is downloaded over an unencrypted HTTP connection.
•Decide whether to use the setting Use HSTS for web clients. When this setting is selected, web clients are restricted to HTTPS connections and cannot downgrade to HTTP connections. Once the web client has completed an HTTPS connection, the web browser prevents the client from using an HTTP connection.
•During installation, the
web server used by FileMaker Server to publish databases to web-based clients is configured with SSL connections enabled.
•You can enable and disable specific
extended privileges, such as
PHP,
XML,
FileMaker WebDirect, and
FileMaker Data API for the Web Publishing Engine. For example, if you know that all files on one server will be shared with Custom Web Publishing with PHP, you can disable all other types of web publishing. Even if a file includes extended privileges that allow access to XML data, access to XML data is not available while the file is hosted with that FileMaker Server deployment.
To enable or disable any web publishing technology for all files on FileMaker Server, click
Web Publishing, then click the
PHP,
XML,
FileMaker WebDirect, or
FileMaker Data API tab. On each of these tabs, you can enable or disable web publishing for all hosted databases even if they have the corresponding extended privilege enabled. See
PHP web publishing settings,
XML web publishing settings,
FileMaker WebDirect settings, and
FileMaker Data API settings.
•If your organization uses an
LDAP directory service, you can enable
Use Secure Sockets Layer (SSL) in the
Database Server >
Directory Service tab to encrypt the user names and passwords that FileMaker Server and FileMaker Pro clients use to log in to the LDAP server. See
FileMaker clients settings and
About user details.
Notes
•In FileMaker Pro Advanced, you can use the Database Encryption feature to encrypt the contents of a database file. FileMaker Server supports hosting
encrypted databases. With FileMaker Server, the server administrator or group administrator enters the encryption password when the file is opened for hosting. See
Opening hosted files.