Claris FileMaker 19 Security Guide: Best Practices for Configuring Security Options
FileMaker security overview
About this guide
This guide describes the security features available with the Claris™ FileMaker® Platform and the steps you can take as a custom app developer, a server administrator, or an IT professional to apply these security features to your FileMaker custom apps.
Depending on your security compliance and certification requirements, there may be additional steps you need to take. It is your responsibility to fully understand these requirements.
- Claris FileMaker Cloud® is a service that provides access in the cloud to custom apps that use Claris FileMaker Pro™, FileMaker Go®, and Claris FileMaker WebDirect™. FileMaker Cloud uses the Claris ID integrated sign-on system to authenticate users. FileMaker Cloud is offered directly from Claris International Inc.
- Claris FileMaker Cloud for AWS is a service that provides access in the cloud to custom apps that use FileMaker Pro, FileMaker Go, and FileMaker WebDirect. FileMaker Cloud for AWS runs on the Amazon Web Services (AWS) Cloud and is offered through AWS Marketplace.
- FileMaker Cloud products refers to both FileMaker Cloud and FileMaker Cloud for AWS.
- Admin Console refers to Admin Console for Claris FileMaker Server™, FileMaker Cloud, and FileMaker Cloud for AWS, unless describing a particular product. FileMaker Cloud Admin Console refers to Admin Console for both FileMaker Cloud products, unless describing a particular product.
- Custom app, solution, database, and file are all terms for what you create and work with using FileMaker products.
- For information about FileMaker Cloud products, see FileMaker Cloud product documentation in the Product Documentation Center.
FileMaker Platform security features
The FileMaker Platform features help you control data access, operations, and development within a FileMaker Pro file. Key capabilities include:
- Authentication with accounts: The FileMaker Platform encrypts credentials stored within custom apps so the credentials are protected. Users can also authenticate via Active Directory, Open Directory, or OAuth identity providers. For apps hosted by FileMaker Cloud, users authenticate with their Claris ID accounts or with an external identity provider (IdP) account configured for their team.
- Access control with privilege sets: You define permissions that determine levels of access to your custom app. You can define as many privilege sets as needed.
- Data encryption on the disk and during transmission: You can encrypt the data stored within a custom app. You can also require Secure Sockets Layer (SSL) encryption of data between FileMaker Server or a FileMaker Cloud product and FileMaker Pro, FileMaker Go, FileMaker WebDirect, Claris FileMaker Data API, and ODBC, JDBC, and OData-capable client applications. FileMaker Cloud encrypts the data automatically if it's not already encrypted.
- Server monitoring and administration: Admin Console allows you to monitor custom app access, disconnect idle users, and create backups of your custom apps. For apps hosted by FileMaker Cloud, team managers use Claris Customer Console to add users to the team and manage groups of users that can be given access to apps.
The FileMaker Platform employs a unified security model, where the security that you establish for a custom app is in effect across all clients.
Security settings defined within a custom app using FileMaker Pro apply only to the information and schema (layouts, tables, fields, relationships, and scripts) stored in that file.
Security settings configured within FileMaker Server and FileMaker Cloud products are deployment specific and apply to all custom apps hosted by the server.
Security for custom app developers
Make the custom apps you design in FileMaker Pro more secure by using features to authenticate users, limit access to the app, encrypt data, and enhance functionality in secure ways.
FileMaker Pro custom apps require users to authenticate with an account name and password combination. Each account access entry you create in FileMaker Pro is given access privileges based on the associated privilege set. See Define privilege sets.
Create a unique account access entry for each user or group. This allows you to track who is creating or modifying individual records or taking other actions in your custom app. Track this information by using auto-enter field settings or by using the Get(AccountName) function in calculations and scripts. See Use functions, scripts, and script triggers to enhance security.
FileMaker custom apps can authenticate accounts internally, with an external authentication server, with an OAuth identity provider, or, in the case of a FileMaker Cloud host, with the Claris ID identity provider or an external IdP.
- With internal authentication, the account names and passwords are stored within the custom app. All security for an app is set up in FileMaker Pro without server software, making it the quicker and easier option for managing accounts. This is called a FileMaker file account and is supported by all hosts except FileMaker Cloud. See "Editing FileMaker file accounts" in FileMaker Pro Help.
- With external authentication (via Open Directory or Active Directory) or with OAuth identity provider authentication, FileMaker Pro stores only user and group names. FileMaker clients interact with an external server or OAuth identity provider to authenticate a user's account credentials. The custom app must be hosted by FileMaker Server or FileMaker Cloud for AWS, and the host must be configured to allow external authentication or individual OAuth identity providers. See Set up external authentication and Set up OAuth identity provider authentication.
With Claris ID and external IdP authentication, FileMaker Pro stores a name and a universally unique ID (UUID) for each Claris ID or external IdP user or group you create an account access entry for. Changing user names (email addresses) or group names won't require custom app developers to make changes in FileMaker Pro files, because UUIDs are used internally to identify users and groups.
FileMaker clients interact with the Claris ID identity provider or external IdP to authenticate users' account credentials. The custom app must be hosted by FileMaker Cloud. In Claris Customer Console, a FileMaker Cloud team manager must add users to the team that the host is associated with. A team manager can also create groups of users, so a custom app developer can grant account access to groups in FileMaker Pro without having to update the app as users are added or removed. See Set up Claris ID or external IdP authentication.
About the default accounts
Each custom app created locally by FileMaker Pro initially contains two FileMaker file accounts: Admin and Guest.
The Admin account permits access to everything in the app. By default, this account is assigned the Full Access privilege set. This account is fully editable. You can rename it, assign it a password, and make the account inactive. You can delete the Admin account, but the file will require at least one account with the Full Access privilege set unless you remove that privilege set completely.
By default, the Admin account has no password. Assign a password when you first begin working in FileMaker Pro. See Assign the Admin account a password.
The Guest account allows users to access a file without supplying any account information. By default, this account is assigned the Read-Only Access privilege set, but you can assign the account any privilege.
Initially, the Guest account is inactive. You cannot delete the Guest account, change the Guest account name, or assign it a password.
Each custom app created directly in FileMaker Cloud initially contains these accounts: the app creator's account, the Admin Account, and the Guest account.
- The app creator's account is the Claris ID or external IdP account of the team manager who created the app and is assigned the Full Access privilege set. This account is fully editable and can be deleted, but there must be at least one Claris ID or external IdP account active in order to open an app hosted by FileMaker Cloud.
- The Admin account is like the Admin account in a locally created app, except that it's inactive while the app is hosted by FileMaker Cloud. When you download the app, the Admin account becomes active and can be used to open the app only when it isn't hosted by FileMaker Cloud.
- The Guest account is like the Guest account in a locally created app, except that it's inactive while the app is hosted by FileMaker Cloud. When you download the app, the Guest account can be made active and can be used to open the app only when it isn't hosted by FileMaker Cloud.
See "Creating a FileMaker Pro file" in FileMaker Pro Help.
Assign the Admin account a password
When you create a new custom app, FileMaker Pro creates an Admin account with the Full Access privilege set. This Admin account does not have a password.
Be sure to assign a password to this account to prevent unauthorized access to your data and database schema.
Don't enable the Guest account
Don't enable the Guest account unless it is necessary for the custom app. If you enable the Guest account, it's possible to quickly reach the maximum number of connections if many users sign in to the Guest account in a short period of time.
See "Editing FileMaker file accounts" in FileMaker Pro Help.
Create account access
When you create an account access entry in the Manage Security dialog box in FileMaker Pro, you first choose the account type, then specify settings.
- FileMaker file: Specify an account name, password, and privilege set. Supported in local files and files hosted by FileMaker Cloud for AWS or FileMaker Server, but not by FileMaker Cloud.
You can specify a temporary password and prompt the user to change it. In the Edit Account dialog box, select Require password change on next sign in.
Passwords are stored using a one-way hash, meaning the password is never stored as plain text. You can reset a password, but you can't recover a password.
- External server: Specify a group name and privilege set. Supported only in files hosted by FileMaker Server. See Set up external authentication.
- OAuth identity provider: Specify a user name or group object ID and privilege set. Supported only in files hosted by FileMaker Server or FileMaker Cloud for AWS. See Set up OAuth identity provider authentication.
- Claris ID or an external IdP: For a team, specify a group, a Claris ID user name or external IdP account user's email, and a privilege set. Supported only in files hosted by FileMaker Cloud. See Set up Claris ID or external IdP authentication.
Prompt users for a password
New custom apps don't prompt for account names or passwords, because they automatically sign in with the Admin account by default. To prompt users to enter account names and passwords for FileMaker file and external server accounts, deselect the FileMaker Pro File Options dialog box Log in using option. This option is ignored when custom apps:
- are hosted by a FileMaker Cloud product
- are hosted by FileMaker Server in the secure database folder
- authenticate via an OAuth identity provider, Claris ID, or an external IdP
By default, custom apps do not allow Credential Manager (Windows) and Keychain Access (macOS, iOS, and iPadOS) to save account names and passwords for FileMaker file and external server accounts. When you prevent Credential Manager and Keychain Access, FileMaker clients prompt users to enter account names and passwords each time they open the app. This option is ignored for other types of accounts.
If you allow Keychain Access, you can require FileMaker Go users to authenticate with iOS or iPadOS before FileMaker Go can access its keychain.
Set up external authentication
If you host files using FileMaker Server, you can create external server account access entries in the files that authenticate users via Active Directory or Open Directory. You can then use your existing authentication server to control access to databases, instead of managing an independent list of accounts in each database file.
Alternatively, you can use local security groups and accounts on the server machine hosting FileMaker Server. Refer to Help for your operating system.
Use external authentication if:
- your organization already uses Active Directory or Open Directory.
- your FileMaker Pro file will be accessed by other files in a multifile custom app.
- your organization enforces minimum password standards. FileMaker clients can enforce elementary standards for FileMaker file accounts, such as password length and frequency of changing the password. External authentication offers more robust password control, such as enforcing password complexity requirements.
If you host files using FileMaker Server installed in Windows Server and use Active Directory for external authentication, your Windows users can use Single Sign-On with FileMaker Pro.
There is a risk with external authentication that someone will gain access to your file by simulating the external authentication environment or mismanaging the groups. It is your responsibility to prevent this by maintaining the security of your external authentication server. Enable database encryption for your custom app files to reduce this risk. Database encryption requires users to provide the encryption password before they can host the file on FileMaker Server. See Encrypt data.
Set up external server account access within the file using FileMaker Pro, then host the file using FileMaker Server and configure it for external authentication. See "Editing external server account access" in FileMaker Pro Help; and Enable external authentication and Setting up FileMaker Pro clients and FileMaker Server to use external authentication using the LDAP protocol in the Knowledge Base.
Important information when using external authentication
- You must use the external authentication server to reset passwords.
- Set account access entries in the order you want FileMaker clients to authenticate them. When a FileMaker file account and an external server account authenticate with the same account name and password, or when multiple groups contain the same external server account, FileMaker clients open the file using the first active, matching account access entry in the priority (authentication) order. Any subsequent matching account access entries are ignored. See "Changing the priority of account access" in FileMaker Pro Help.
- External server account access shouldn't be the only type of account access with the Full Access privilege set. Maintain a FileMaker file account for administration purposes in case the file needs to be removed from FileMaker Server. If there are no FileMaker file accounts, FileMaker clients can open the file only if the file is hosted and the external authentication server is available.
Set up OAuth identity provider authentication
If you host files using FileMaker Server or FileMaker Cloud for AWS, you can create account access entries in the files that authenticate users via supported OAuth identity providers. This allows you to control access to your custom apps through third-party identity providers. Instead of managing an independent list of accounts in each file, you can use your OAuth identity provider to control access to your app. An OAuth identity provider may also provide additional security measures—such as multifactor authentication, which requires more than one method of authentication.
To authenticate via OAuth identity providers, use FileMaker Pro to set up account access entries within the custom app. Then host the app using FileMaker Server or FileMaker Cloud for AWS, and configure the host to authenticate with OAuth identity providers. See "Editing OAuth account access" in FileMaker Pro Help; and Enable OAuth identity provider authentication.
Important information when using OAuth identity providers
- You must use the OAuth identity provider to reset passwords.
- Set account access entries in the order you want FileMaker clients to authenticate them. When an OAuth identity provider account is in multiple groups that have account access, or an OAuth account user has account access both as an individual user and as a member of a group, FileMaker clients open the file using the first active, matching account access entry in the priority (authentication) order. Any subsequent matching account access entries are ignored. See "Changing the priority of account access" in FileMaker Pro Help.
- OAuth account access shouldn't be the only type of account access with the Full Access privilege set. Maintain a FileMaker file account for administration purposes in case the file needs to be removed from the host. If there are no FileMaker file accounts, FileMaker clients can open the file only if the file is hosted and the OAuth identity provider is available.
Set up Claris ID or external IdP authentication
In files hosted by FileMaker Cloud, you must create account access entries that authenticate users via the Claris ID identity provider or an external IdP. FileMaker Cloud team managers control access to hosted files through Claris Customer Console. There they can add users to the team and manage groups of users, instead of managing an independent list of accounts for individual users in each file. Team managers have access to additional security measures—such as multifactor authentication, which requires more than one method of authentication.
To authenticate via the Claris ID identity provider or an external IdP, use FileMaker Pro to set up account access entries within the custom app. Then host the app using FileMaker Cloud. There is no configuration required in Admin Console for FileMaker Cloud. See "Editing Claris ID account access" in FileMaker Pro Help; and Enable Claris ID or external IdP authentication for groups and users.
Important information when using the Claris ID or an external identity provider
- Claris ID users can reset their password on their Profile page in Claris Customer Console, but external IdP users can't.
- Set account access entries in the order you want FileMaker clients to authenticate them. When a Claris ID or an external IdP user is in multiple groups that have account access, or when they have account access both as an individual user and as a member of a group, FileMaker clients open the file using the first active, matching account access entry in the priority (authentication) order. Any subsequent matching account access entries are ignored. See "Changing the priority of account access" in FileMaker Pro Help.
- You must create at least one Claris ID or external IdP account access entry with the Full Access privilege set in order to have full access privileges while the file is hosted by FileMaker Cloud. A FileMaker Cloud host supports no other types of accounts. Also maintain a FileMaker file account with the Full Access privilege set in case the file needs to be removed from the host and opened locally. If there are no FileMaker file accounts, FileMaker clients can open the file only if the file is hosted by FileMaker Cloud.
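The priority rule repeated in the three "Important information" lists above (the first active, matching account access entry is used and later matches are ignored) can be checked before deployment. The following is an added example, not Claris code: it models the entries as plain Python objects and reports identities whose effective privilege set differs from a later, ignored entry. The entry list, the user and group names, and the ranking of the three predefined privilege sets are all constructed assumptions.

```python
"""Audit account access priority order: the first active, matching entry wins."""
from dataclasses import dataclass

# Assumption for this example: a least-to-most-permissive ranking of the three
# predefined privilege sets. Custom privilege sets are reported as "differs".
RANK = {"Read-Only Access": 0, "Data Entry Only": 1, "Full Access": 2}


@dataclass(frozen=True)
class Entry:
    kind: str            # "user" (individual account) or "group"
    name: str
    privilege_set: str
    active: bool = True


@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset = frozenset()


def matches(entry, ident):
    """An inactive entry never matches; group entries match on membership."""
    if not entry.active:
        return False
    if entry.kind == "user":
        return entry.name == ident.user
    return entry.name in ident.groups


def resolve(entries, ident):
    """Return (effective entry, ignored later matches) for one identity."""
    hits = [e for e in entries if matches(e, ident)]
    return (hits[0], hits[1:]) if hits else (None, [])


def compare(effective, shadowed):
    """Say whether the entry in effect grants more or less than an ignored one."""
    a, b = RANK.get(effective.privilege_set), RANK.get(shadowed.privilege_set)
    if a is None or b is None:
        return "differs"
    return "effective-broader" if a > b else "effective-narrower"


def audit(entries, identities):
    """List (user, verdict, effective entry name, ignored entry name)."""
    findings = []
    for ident in identities:
        effective, shadowed = resolve(entries, ident)
        if effective is None:
            findings.append((ident.user, "no-access", None, None))
            continue
        for entry in shadowed:
            if entry.privilege_set != effective.privilege_set:
                findings.append(
                    (ident.user, compare(effective, entry), effective.name, entry.name)
                )
    return findings


# Constructed sample data, listed in priority (authentication) order.
ENTRIES = [
    Entry("group", "Staff", "Data Entry Only"),
    Entry("user", "alice", "Full Access"),
    Entry("group", "Contractors", "Read-Only Access"),
    Entry("group", "Finance", "Full Access", active=False),
]
IDENTITIES = [
    Identity("alice", frozenset({"Staff"})),
    Identity("carol", frozenset({"Staff", "Contractors"})),
    Identity("dave", frozenset({"Finance"})),
    Identity("erin", frozenset({"Contractors"})),
]

if __name__ == "__main__":
    for finding in audit(ENTRIES, IDENTITIES):
        print(finding)
```

An "effective-broader" finding means a more restrictive entry lower in the list is being ignored; moving that entry above the broader one changes which privilege set the user receives.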
Authenticate in multifile custom apps
FileMaker Pro files can access one another in a multifile custom app. This can be useful, for example, if you have a centrally accessible file of employee contact information that is used by multiple internal apps.
When you open one file from another (such as for viewing external data or running a script in an external file), FileMaker clients pass to the second file the credentials the user supplied when they signed in to the first file. If the user's account access is the same, FileMaker clients automatically sign in the user to the second file. If there is no corresponding account access entry, the user must sign in to the second file.
If you create the same FileMaker file accounts manually in multiple files, you may make data entry errors. To reduce such errors, use external authentication, OAuth identity provider authentication, or (if files are hosted by FileMaker Cloud) Claris ID authentication. See Set up external authentication, Set up OAuth identity provider authentication, or Set up Claris ID or external IdP authentication.
Review the account access entries and privilege sets in each file of a multifile custom app. If privilege sets do not match across files or an account has additional privileges in a file, users may gain access to data that would normally be restricted to them. See Define privilege sets.
Additionally, make sure that users cannot make references to files in a custom app without the app designer's assistance. Otherwise, they may gain access to restricted data. See Restrict references to a custom app.
Define privilege sets
About privilege sets
Privilege sets grant access to the features a user can see and the tasks a user can do. They allow you to control access to data and schema. You can use a privilege set with multiple account access entries.
Every new FileMaker Pro custom app contains three predefined privilege sets:
- Full Access: Allows complete access to the file, including all development features.
- Data Entry Only: Allows creating, editing and deleting records, and importing and exporting data. Does not allow access to any development features.
- Read-Only Access: Allows viewing and exporting record data. Does not allow modifications to the file except for values in global fields.
You can also create new privilege sets to meet your specific requirements. Typically, you will create a privilege set for each unique role in your organization. A privilege set is made up of these access options:
- Data access and design privileges: Provide access to a wide range of security control, including records, layouts, value lists, and scripts.
- Extended privileges: Determine how users access a hosted file.
- Other privileges: Allow printing, exporting, the limited ability to manage security, and some other functions.
All clients and tools that access FileMaker Pro custom apps respect users' privilege sets. For example, if a user is assigned a privilege set that does not allow access to a field, the user cannot access the field using FileMaker Pro, FileMaker Go, FileMaker WebDirect, Custom Web Publishing, FileMaker Data API, ODBC and JDBC applications, OData client applications, external tools like AppleScript or ActiveX, or other means.
Create privilege sets
To create a privilege set, name and configure the privileges you want users to have for the custom app. By default, most privileges are turned off. This limits a user's privileges to only those necessary to fulfill the user's role. See "Creating and editing privilege sets" in FileMaker Pro Help.
Define data access and design privileges
Data access and design privileges grant access to different parts of a file and apply to all tables, layouts, value lists, and scripts.
You can also design custom privileges to further restrict access privileges.
- Design custom privileges for records, to control user access to individual tables or records. For example, you may have a CRM system where the sales managers can see all the records but individual sales representatives see only the records of their own customers and prospects.
- Design custom privileges for layouts, to control whether and how users can view or modify a layout, and whether they can view or modify records when working with that layout. The FileMaker Platform always uses the most secure combination of access rules. For example, a user who can generally edit records will be prevented from editing records on a layout that doesn't allow those privileges.
- Design custom privileges to control whether users can view, run, modify, delete, or create individual value lists and scripts.
See "Editing record access privileges," "Editing layouts privileges," "Editing value list privileges," and "Editing scripts privileges" in FileMaker Pro Help.
Define extended privileges
Extended privileges determine how users access a hosted file. Once you enable extended privileges for a privilege set, any accounts attached to that privilege set can access the file according to what the extended privilege allows. For example:
- The fmapp extended privilege controls whether FileMaker Pro and FileMaker Go can access the file.
- The fmwebdirect extended privilege controls whether a web browser can access the file via FileMaker WebDirect.
- The fmreauthenticate[x] extended privilege controls how long after FileMaker Go sleeps or goes into the background before the user must sign in to access the file again. It also controls how long after FileMaker Pro or FileMaker Go becomes disconnected from a FileMaker host (perhaps because the network connection is lost or the device sleeps) before the user must reauthenticate in order to reconnect automatically. If the client was disconnected from the host for more than x minutes, the client must reauthenticate.
Important: If your users use FileMaker Pro or FileMaker Go, specify the fmreauthenticate[x] extended privilege.
When FileMaker Go moves to the background, it saves the state of any open custom apps. With the fmreauthenticate[x] extended privilege, when FileMaker Go switches to the foreground, users must reenter the account name and password if the specified time limit, [x] minutes, has elapsed. For example, an extended privilege of fmreauthenticate10 allows the user to keep FileMaker Go in the background for up to ten minutes before the user must sign in again.
You can create as many fmreauthenticate extended privileges with different time periods as you need and assign them to different privilege sets. Users can attempt to enter their account name and password five times before the client closes the file. Set [x] to 0 to make users sign in each time FileMaker Go returns to the foreground or each time FileMaker Pro or FileMaker Go tries to reconnect to the host automatically.
You can create custom extended privileges to simplify your scripts or to manage the business rules you need to enforce. For example, create custom extended privileges to allow users to run certain reports.
See "Editing extended privileges for a privilege set" in FileMaker Pro Help.
Define other privileges
Other privileges specify whether the privilege set allows users to:
- print – includes both printing and saving records as PDF
- export – includes exporting records, saving records as an Excel file, copying records in a found set to the Clipboard, saving a copy of the file, accessing data with Apple events, and using the file as the source of an import
Note: This privilege doesn't affect accessing data with ActiveX.
- manage extended privileges
- manage accounts that don't have full access privileges
- override data validation warnings
- disconnect users from a hosted custom app when a client is idle
- modify their passwords
- access menu commands (all, editing only, minimum)
See "Editing other privileges" in FileMaker Pro Help; and Grant trusted users limited ability to manage security and Disconnect idle users.
Remove the Full Access privilege set
To ensure that users can't gain access to parts of the custom app and schema that are normally available only to accounts with full access privileges, use FileMaker Pro to permanently remove the Full Access privilege set from the file.
Important: Removing the Full Access privilege set permanently deletes from the file all accounts that were using the Full Access privilege set. This permanently eliminates access to Layout mode and the Script Workspace. Access to the Manage Security dialog box is also eliminated, unless you have other accounts with the Manage extended privileges or Manage accounts that don't have Full Access privilege enabled. Schema and design elements of the files cannot be recovered. The only way to modify the tables, field definitions, relationships, scripts, or all access privileges is by returning to the original file before the Full Access privilege set was removed.
See "Removing Admin access to databases" in FileMaker Pro Help.
Encrypt a custom app
Use FileMaker Pro to encrypt all the information stored in a file (also known as encryption at rest). Database encryption protects your custom app if someone gains physical access to the file.
Database encryption requires a FileMaker file account with Full Access privileges to any file that is to be encrypted, an encryption password, and a shared ID. Users must enter the encryption password whenever FileMaker Pro or FileMaker Go opens a local file, or when FileMaker Server or the FileMaker Cloud product opens a file before hosting it. The shared ID links multiple encrypted files. When one encrypted file attempts to access another encrypted file, the user will not be prompted again for the encryption password if the files' encryption passwords and shared IDs match.
When you open an encrypted file on FileMaker Server or a FileMaker Cloud product, you can save the password to automatically open encrypted files when the server restarts. FileMaker employs a two-way AES-256 encryption that uses a composite key based on information from the machine to encrypt the password and stores the password securely on the server.
See "Opening hosted files" and "Clearing the database encryption password" in FileMaker Server Help, and encrypting and uploading database files in FileMaker Cloud product documentation.
If a file is not encrypted, FileMaker Cloud automatically encrypts the file. To show the encryption password for a database, see FileMaker Cloud Help in the Product Documentation Center.
Important: After you download a file from FileMaker Cloud, it remains encrypted on your local machine, so you must have the encryption password to open the file. In FileMaker Cloud Admin Console, show the encryption password and save it in a safe place.
Encrypt field data
The FileMaker Platform provides these functions to encrypt and decrypt data using a specified key:
- CryptEncryptBase64: Accepts text or container data and returns encrypted, Base64-encoded text.
- CryptDecryptBase64: Accepts Base64-encoded text encrypted by CryptEncryptBase64 and returns decrypted data as the same type (text or container data) as before it was encrypted.
If you need more control over how the encrypted data is encoded and formatted, you can use the CryptEncrypt and CryptDecrypt functions. See FileMaker Pro Help.
Important: These functions have no direct connection to the security schema of a FileMaker Pro file (accounts, privilege sets, extended privileges). Therefore, the security of your data depends on how you use these functions in your custom app.
As a developer, consider how to manage keys securely:
- Creation: Best practices for key creation (or generation) include at least these elements: key length, complexity, and entropy.
- Storage: Store keys securely and separately from the data they decrypt.
- Retention: Keys must be available for as long as the encrypted data is available. For example, backups are unusable if the keys are unavailable.
- Destruction: Depending on how you use these functions, if a key is destroyed, the data it encrypted is effectively destroyed, because the data can't be decrypted without the key.
One application of these functions is to protect the confidentiality of data in a field (also known as field-level encryption). However, this level of encryption doesn't replace encryption at rest, which protects the entire file (including backups) from tampering. See Encrypt a custom app.
- Attempting to decrypt data that is already decrypted can destroy the data. Instead, use a separate flag to indicate whether data is encrypted and decrypt the data only when needed.
- When the contents of a field are encrypted, subsequently decrypted, and then reencrypted, the encrypted values will be different each time.
- If the key is compromised, you need to be able to locate all the records with encrypted data so that they may be decrypted with the compromised key and reencrypted with a new key.
Encrypt container data
If database encryption is enabled for a custom app, or if container data is configured to be stored externally, all container data is encrypted by default (secure storage). If you don't want to encrypt container data when you encrypt database files or store container data externally, you can keep the container data in open storage. (However, you can't do this for files hosted by FileMaker Cloud, which requires externally stored container data to be encrypted.) See "Encrypting and decrypting database files" and "Setting up container fields to store data externally" in FileMaker Pro Help.
- For files hosted by FileMaker Cloud, you can't transfer data with secure storage to embedded container data. FileMaker Cloud uses FileMaker Data Storage for container data that's configured to be stored externally.
Digitally sign data
If your custom app uses REST APIs for web services that require you to generate digitally signed data or to verify signed data using RSA keys, use the CryptGenerateSignature and CryptVerifySignature functions.
Limit access to the custom app through layouts
Design layouts that limit users' view of data and access to features according to their needs and privilege sets. Also, consider hiding the status toolbar and instead providing buttons that perform allowed tasks.
- Limiting access to data and features on a layout does not prevent users from accessing data with script steps, functions, AppleScript, or by other means. Define privilege sets to restrict user access to data and features in all clients. See Define privilege sets.
Grant trusted users limited ability to manage security
If you develop a custom app but don't want to manage the everyday tasks of granting and removing account access yourself, you can give trusted users a limited ability to manage security without granting them full access privileges. Doing this offloads the daily tasks while protecting your intellectual property and preventing others from making changes that could break your app.
These privileges grant a limited ability to make security changes in FileMaker Pro:
|Privilege||Users can||Users can't|
|Manage accounts that don't have Full Access||
|Manage extended privileges||
To grant an account access entry limited privileges to manage security:
- Create a privilege set.
- In the Edit Privilege Set dialog box, enable one or both of these privileges.
- Set the Available menus option to All. This allows the user to access File menu > Manage > Security.
- Assign this privilege set to an account access entry.
See "Creating and editing privilege sets" and "Creating and editing account access" in FileMaker Pro Help.
Use functions, scripts, and script triggers to enhance security
Use FileMaker functions, scripts, and script triggers to enhance security for common tasks such as deleting, auditing, and maintaining records. For example, use scripts to:
- add or delete accounts, reset account passwords, change passwords, enable or disable accounts (for FileMaker file accounts only)
- re-log in as a different user (for FileMaker file accounts, the Guest account, and external server accounts only)
- archive records when you don't want a user to delete records
- provide information about the user's current session and state for regulatory compliance and auditing
- provide custom messages when security limitations affect the user
Important: Do not use functions, scripts, or script triggers to replace FileMaker security features.
- By default, scripts run using the privilege set of the account that is currently signed in. This can cause issues if the script tries to perform an action the user does not have the privileges to do. Test all scripts across all privilege sets to protect the integrity of your data.
- When using script steps to communicate with systems outside the FileMaker Platform, choose available options that interact via SSL encryption. For example, the Insert from URL script step includes the Verify SSL Certificates option, and the Send Mail script step allows communication with SMTP servers that use SSL encryption.
- Use functions to get information about the current user, such as Get(AccountName), Get(AccountGroupName), and Get(AccountType). For example, use the Get(AccountExtendedPrivileges) function to test whether a user has a specific extended privilege.
See "Functions reference," "Script steps reference," and "Script triggers reference" in FileMaker Pro Help.
Restrict references to a custom app
Restrict references to a custom app to prevent the app's schema from being accessed by unauthorized files. For another file to access the app's schema and data, either the file must be authorized within the app or the user must enter valid credentials for the app.
You can specify that only accounts with the Full Access privilege set can create references to the custom app, ensuring that only app designers and administrators can reference the app. By default, newly created files have this option enabled.
In a multifile custom app, you must authorize each file that needs access to another file's schema.
See "Authorizing access to files" in FileMaker Pro Help.
Set a minimum client version
Set a minimum version of FileMaker Pro or FileMaker Go that's allowed to access the custom app. Newer versions of FileMaker clients provide features and security changes not available in older versions, so restrict which clients can access the app. See "Setting file options" in FileMaker Pro Help.
Use plug-ins only from trusted sources (preferably plug-ins that are digitally signed by their developers), because plug-ins can access and modify your custom app and connect to other services over the internet.
For additional security and to prevent unauthorized plug-ins from being installed, FileMaker Pro users can enable or disable the installation of plug-in files. This is an application preference, not a file preference, and determines whether plug-ins can be installed on the user's computer.
If a plug-in is enabled, FileMaker Pro attempts to load the plug-in after it is installed and whenever FileMaker Pro starts. If FileMaker Pro can't verify the plug-in's digital signature, or if the plug-in hasn't been signed, the user is notified and can choose whether to load the plug-in. If the user chooses to always load the plug-in, this preference is saved in the user's application preferences, not in the file.
See "Setting plug-in preferences" and "Setting permitted hosts and plug-ins preferences" in FileMaker Pro Help. To enable plug-ins on a host, see Enable plug-ins in FileMaker Server and FileMaker Cloud for AWS.
- Plug-ins are not supported in FileMaker Cloud.
Security for server administrators
FileMaker Cloud products and FileMaker Server host custom apps for the following clients:
- FileMaker Pro
- FileMaker Go
- FileMaker WebDirect
- Web users and web applications via the Web Publishing Engine using Custom Web Publishing with PHP and Custom Web Publishing with XML (FileMaker Server only)
- Web services or applications using the FileMaker Data API to access data in hosted custom apps
- ODBC and JDBC applications
- OData-capable client applications (FileMaker Cloud only)
The following sections outline the steps for setting up security in FileMaker Server and FileMaker Cloud products.
If you are using FileMaker Server, be sure that you installed it in a secure location and that you are using SSL encryption to encrypt HTTPS communication between clients and the server. See Secure the machine running FileMaker Server, Install FileMaker Server components behind the firewall, and Set up SSL encryption.
Enable external authentication
Note: This feature is not available in FileMaker Cloud products.
With FileMaker Server, you can use your existing authentication server to control access to files without having to manage an independent list of accounts in each file.
Set up external server account access within the file using FileMaker Pro, host the file using FileMaker Server, and configure it for external authentication. To set up accounts in FileMaker Pro, see Set up external authentication.
To enable external authentication in FileMaker Server:
- In FileMaker Server Admin Console, click the Administration > External Authentication tab.
- For Database Sign In, enable External Server Accounts.
To use Active Directory or Open Directory, the server where FileMaker Server is installed must be a member of the domain used for external authentication.
Test thoroughly. See Test security settings.
Enable OAuth identity provider authentication
With FileMaker Server or FileMaker Cloud for AWS, you can use supported OAuth identity providers to control access to files without having to manage an independent list of accounts in each file.
Set up OAuth identity provider account access within the file using FileMaker Pro, host the file using FileMaker Server or FileMaker Cloud for AWS, and configure the host for OAuth identity provider authentication. To set up account access in FileMaker Pro, see Set up OAuth identity provider authentication.
To enable OAuth identity provider authentication in FileMaker Server:
- In FileMaker Server Admin Console, click the Administration > External Authentication tab.
- For Identity Authentication Settings, configure the OAuth identity provider—Amazon, Google, or Microsoft—that will be used to authenticate access.
- For Database Sign In, enable External Server Accounts.
- Enable the OAuth identity provider that you configured for Identity Authentication Settings.
To enable OAuth identity provider authentication in FileMaker Cloud for AWS:
- In Admin Console for FileMaker Cloud for AWS, click the Administration > External Authentication tab.
- For Identity Authentication Settings, configure the OAuth identity provider—Amazon, Google, or Microsoft—that will be used to authenticate access.
- For Database Sign In, enable the sign-in setting.
Note: In FileMaker Cloud for AWS, Amazon identity provider authentication is shared by the FileMaker Cloud for AWS administrator and by clients; the Amazon client ID and client secret are synchronized.
Test thoroughly. See Test security settings.
Enable Claris ID or external IdP authentication for groups and users
For files hosted by FileMaker Cloud, users are authenticated by the Claris ID identity provider or an external IdP. In Claris Customer Console, team managers can add Claris ID users or external IdP account users to a team and create groups of users. In a FileMaker Pro file, you can create and edit Claris ID or external IdP account access for groups or individual users. The privilege set you assign to a group's access applies to all users in the group. For an individual user's access, the privilege set you assign applies only to that user.
For external IdP accounts, setup is required before users can be added to a FileMaker Cloud team. See "Using an external identity provider to authenticate Claris ID accounts" in Claris Customer Console Help.
To create account access for Claris ID or external IdP groups and users:
- In Claris Customer Console, on the Users page, invite users to the team.
- On the Groups page, create a group, then add users to the group.
- To create an account access entry for the group or an individual user, in the FileMaker Pro Manage Security dialog box, for Authenticate via, choose Claris ID - <Team Name>, then click New.
- For Group or User Name, choose the group or user name (email address), assign a privilege set, then click OK.
- To refresh Claris ID information in the Manage Security dialog box with changes you made in Claris Customer Console, change Authenticate via to another selection and then back to your FileMaker Cloud team name, or reopen the Manage Security dialog box.
Limit the list of hosted custom apps
FileMaker clients and the Home page in Claris Customer Console display a list of hosted custom apps. Depending on the type of host, you may be able to limit which apps are displayed.
|In the Hosts dialog box in FileMaker Pro and the Launch Center in FileMaker Go and FileMaker WebDirect||In the My Apps window in FileMaker Pro, the My Apps tab in FileMaker Go, and the Home page in Claris Customer Console|
|FileMaker Server||By default, all open custom apps are displayed. However, you can limit this list to show only the apps that the current user may access. To filter the list, see FileMaker Cloud product documentation, and "Filter databases setting" in FileMaker Server Help.||Not available|
|FileMaker Cloud for AWS||Not available|
All open custom apps available to the current user are displayed.
An app is available if it contains an account access entry for the user's Claris ID user name, the external IdP account user's email, or a group the user is in. See "Editing Claris ID account access" in FileMaker Pro Help.
FileMaker Cloud team managers can also limit the available apps to those that are assigned the Access via FileMaker WebDirect extended privilege (set in FileMaker Pro). On the Settings page in Claris Customer Console, enable Show only FileMaker WebDirect files on Home page. See Claris Customer Console Help.
Require passwords for hosted files
Make sure all hosted databases require a client to specify an account and password. A database is insecure when:
- a Guest account is using the Full Access privilege set
- any Full Access account has an empty password
- the password of any Full Access account is stored in the database (using the FileMaker Pro File Options dialog box Log in using option)
By default, FileMaker Server prevents insecure databases from being hosted. See "Hosting databases" in FileMaker Server Help. FileMaker Cloud products always require password protection for hosted databases.
When a FileMaker Pro user attempts to upload a database using the Upload to Host menu item, FileMaker Pro validates that the database is password protected. If the host requires databases to be password protected, FileMaker Pro doesn't allow the above types of insecure databases to be uploaded.
View log files
As FileMaker Server and FileMaker Cloud products run, they log server activity. Use the log files to collect client access information and other information needed for regulatory and auditing purposes.
See "Viewing log file entries" in FileMaker Server Help; and information about configuring FileMaker Cloud products in FileMaker Cloud product documentation.
Disconnect idle users
Set the maximum amount of time that FileMaker clients can be idle when they are connected to a file hosted by FileMaker Server or a FileMaker Cloud product. This idle time limit reduces the risk of your files being accessed by an unattended computer or mobile device. However, make sure the idle time is long enough to avoid frequent disconnections.
In FileMaker Pro, in the Edit Privilege Set dialog box, select Disconnect user from server when idle for each privilege set you want disconnected when a user is idle. Because you can set this option for each privilege set, certain users are disconnected when idle and other users will always maintain their connections. In FileMaker Pro and FileMaker Go, users logged in with the Full Access privilege set are never disconnected when idle.
To specify the idle time, see "FileMaker client session timeouts" in FileMaker Server Help; and information about configuring FileMaker Cloud products in FileMaker Cloud product documentation.
Set up backups
It's important to back up custom apps to prevent data loss. If data in a file is destroyed, you can revert to the backup.
Backups in FileMaker Server
FileMaker Server offers several types of backups: automatic, on-demand, scheduled, and progressive.
- For automatic backups, FileMaker Server creates a full backup of all hosted databases once a day.
- For on-demand backups, you can create a full backup of all hosted databases at any time by clicking Back Up Now.
- With a scheduled backup, FileMaker Server checks whether data has changed since the last backup and creates a full copy of any databases and container data that have changed.
- With a progressive backup, FileMaker Server creates two full backups in the progressive backup folder of all hosted databases. Then, after the specified interval, it applies any changes to the oldest backup copy.
FileMaker Server saves backups only to local disks. Use other tools to copy the local backups to provide offsite backups for disaster recovery. Be sure to specify a secure physical location for stored backups.
Important: FileMaker Server creates the directory structure for these backups. To work with a backup file, leave the original file unchanged in the backup folder. Never open the original backup file with FileMaker Pro, edit it, or move it out of the backup folder. Instead, copy the file and work exclusively with the copy.
See "Understanding backup options" in FileMaker Server Help.
Backups in FileMaker Cloud for AWS
FileMaker Cloud for AWS offers backups as snapshots of your storage volume, which contains all your data, including databases, configurations, and logs. Backups run every twenty minutes, and FileMaker Cloud for AWS stores one week of backups. FileMaker Cloud for AWS can also preserve backups in Amazon Simple Storage Service.
Backups in FileMaker Cloud
FileMaker Cloud creates a full backup of a database after the database is uploaded. Databases that have changes are automatically backed up every 20 minutes. Backups are stored for 30 days before automatic deletion begins. You can preserve backups, remove backups from the preserved list, edit the backup label, and restore a backup.
Non-root administrators in FileMaker Server
You can allow externally authenticated accounts to sign in to Admin Console and act as server administrators. These accounts can change any setting in FileMaker Server except the Admin Console user name and password.
- For Identity Authentication Settings, configure the External Accounts for Admin Console Sign In setting by entering the group name that will be used to authenticate access. (The format may be groupname, domain\groupname, or groupname@localmachine.)
- For Admin Console Sign In, enable External Accounts.
Non-root administrators in FileMaker Cloud for AWS
As the root administrator, you can allow non-root administrators to sign in to FileMaker Cloud for AWS and manage most aspects of the instance. Non-root administrators can't modify other administrator accounts, import SSL certificates, or discontinue the FileMaker Cloud for AWS subscription.
Decide whether to permit the Perform Script on Server script step
Note: This feature is not available in FileMaker Cloud products.
For performance reasons, custom app developers may choose to use the Perform Script on Server script step. For security reasons, FileMaker Server administrators can decide whether to permit Perform Script on Server in hosted apps.
To disable use of Perform Script on Server, use the CLI command fmsadmin set serverconfig scriptsessions=0 to set the maximum simultaneous script sessions to 0 (zero). Any value above zero will allow the Perform Script on Server script step to perform in hosted apps.
See "Using the command line interface" in FileMaker Server Help.
Enable plug-ins in FileMaker Server and FileMaker Cloud for AWS
Custom app developers can design FileMaker Pro databases to use server-side plug-ins. To enable plug-ins in FileMaker Pro, see Enable plug-ins.
In Admin Console for FileMaker Server or FileMaker Cloud for AWS, on the Connectors > Plug-ins tab, enable FileMaker Script Engine Plug-ins and Web Publishing Plug-ins. These settings enable the FileMaker Script Engine to use external functions and script steps implemented in plug-ins. See "Managing plug-ins" in FileMaker Server Help; and managing server plug-ins in FileMaker Cloud for AWS Help.
In Admin Console, you can allow scripts that run via a schedule, the Perform Script on Server script step, FileMaker WebDirect, and Custom Web Publishing to install, update, and load plug-ins. On the Connectors > Plug-ins tab, enable the Install Plug-in File Script Step settings.
- Plug-ins are not supported in FileMaker Cloud.
- In FileMaker Cloud for AWS, plug-ins run on Linux, for which there is no industry-standard method for signing binary files. Therefore, FileMaker Cloud for AWS does not verify digital signatures for plug-ins.
Ensure email notifications are secure
In FileMaker Server Admin Console, if you use the Configuration > Notifications tab to enter the SMTP configuration information for an email server, verify the security of that email server. The email server should always use the most recent Transport Layer Security (TLS) protocol for communication.
See "Notifications settings" in FileMaker Server Help.
- Email sent from FileMaker Cloud Admin Console uses TLS.
Security for IT professionals
FileMaker software runs on your computers and your network. Clients may be accessing your hosted data using your company intranet or over the internet. As you plan the security of the FileMaker Platform, consider the security of your system environment.
The following sections describe how to make your system environment more secure for the FileMaker Platform.
Secure the machine running FileMaker Server
Though accounts and privilege sets provide good database protection, they do not provide a completely secure custom app. If you're using FileMaker Server, you must protect access to your files and information, and not rely solely on FileMaker Pro access privileges. For example:
- Protect the physical security of the computers, hard drives, and backup storage media where the database files reside. For example, place the computer running FileMaker Server in a locked room.
- Use the most recent operating system versions certified by Claris International Inc.
- If you host FileMaker Pro databases on a computer that is shared over a network, use operating system security settings and passwords to restrict folder and file access to authorized personnel.
- Set the screen saver feature of your operating system to require a password in order to wake up the computer.
- Never run other network services, such as an email server, on the same machine as FileMaker Server.
- Verify that all other network services support only the highest level of security possible—for example, the most recent TLS protocol. These network services should disable support for insecure protocols—for example, SSLv2 and SSLv3.
Install FileMaker Server components behind the firewall
FileMaker Server contains up to three components:
- Database Server
- Web Publishing Engine
- Web Server Module
You deploy these components on the master machine and can add more Web Publishing Engines and Web Server Modules on worker machines. You can control where each machine is in relation to your firewall. For example, you can choose to place all components behind the firewall to restrict access to the LAN network. If you place any machines in your deployment behind the firewall, you must open the ports used by FileMaker WebDirect in the firewall to make FileMaker WebDirect available over the internet. See Ports used by FileMaker Server and FileMaker Cloud products.
Important: To enhance the security of your custom app, especially over the internet, use a firewall on the public side of a FileMaker Server deployment, and use SSL for the web server. See Set up SSL encryption.
Set up SSL encryption
Encrypt the data passed between FileMaker Server or a FileMaker Cloud product, FileMaker clients, ODBC and JDBC applications, REST API clients, and OData clients by using SSL technology. An SSL certificate is a data file provided by a certificate authority (CA) that digitally identifies the sender, receiver, or both parties of a secure transaction. SSL certificates are installed on machines running FileMaker applications to provide secure connections between FileMaker Server or a FileMaker Cloud product and FileMaker clients.
SSL encryption is especially important if clients are accessing your hosted data over the internet. If you do not use encryption, your data may be viewed by software that is monitoring your network.
To enable SSL encryption in FileMaker Server, import a custom SSL certificate. See "Securing your data" in FileMaker Server Help.
- Never share the same SSL certificate between a FileMaker Server machine and a machine running less-secure network services—for example, an email server.
- Never use the same private key to generate multiple SSL certificates that are used on different machines—for example, a FileMaker Server and an email server. A successful attack on the email server could compromise all the other certificates that use the same private key.
- In a multiple-machine FileMaker Server deployment, use a Subject Alternative Name (SAN) certificate or a wildcard certificate on the master and worker machines. Otherwise, each machine in the deployment requires an SSL certificate that matches its unique hostname.
See FileMaker Network Security and Supported SSL Certificates in the Knowledge Base.
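Two of the points above can be checked before certificates are deployed: that no two machines' certificates were issued for the same private key, and that a SAN or wildcard certificate actually covers each master and worker hostname. The following is an added example, not part of the Claris guide; it assumes the `openssl` command-line tool (1.1.1 or later), and the function names, file names, and `example.test` hostnames are constructed.

```shell
#!/bin/sh
# Added illustration; certificate files and host names are constructed.

# SHA-256 of a certificate's public key (SubjectPublicKeyInfo in DER form).
# Certificates with the same value were issued for the same private key.
spki_sha256() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Compare every pair of the given certificate files and print one
# "SHARED-KEY <a> <b>" line for each pair that uses the same key pair.
find_shared_keys() {
    for a in "$@"; do
        shift                      # inner loop sees only the files after $a
        for b in "$@"; do
            if [ "$(spki_sha256 "$a")" = "$(spki_sha256 "$b")" ]; then
                echo "SHARED-KEY $a $b"
            fi
        done
    done
}

# Succeed if the certificate is valid for the host name a client will use
# (SAN entry, wildcard, or CN when the certificate has no DNS SAN).
cert_covers_host() {   # $1 = certificate file, $2 = host name
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Build constructed sample certificates in directory $1:
#   fms.pem  - key A, SAN certificate for a master and one worker
#   mail.pem - key A again (the reuse the guide warns against)
#   web.pem  - key B
make_samples() {
    d=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/a.key" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/b.key" 2>/dev/null
    openssl req -x509 -new -key "$d/a.key" -days 1 \
        -subj "/CN=fms-master.example.test" \
        -addext "subjectAltName=DNS:fms-master.example.test,DNS:fms-worker1.example.test" \
        -out "$d/fms.pem"
    openssl req -x509 -new -key "$d/a.key" -days 1 \
        -subj "/CN=mail.example.test" -out "$d/mail.pem"
    openssl req -x509 -new -key "$d/b.key" -days 1 \
        -subj "/CN=web.example.test" -out "$d/web.pem"
}
```

On the constructed samples, find_shared_keys reports the fms.pem and mail.pem pair, and cert_covers_host fails for a worker name or an IP address that is not listed in the certificate.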
About the default certificate in FileMaker Server
FileMaker Server provides a default SSL certificate signed by Claris International Inc. that does not verify the server name.
Important: This default certificate is intended only for test purposes. A custom SSL certificate is required for production use.
About the default certificate in FileMaker Cloud for AWS
FileMaker Cloud for AWS provides a default SSL certificate. You can renew the default certificate or import your own custom certificate. To manage SSL certificates, see FileMaker Cloud product documentation.
About the SSL certificate in FileMaker Cloud
FileMaker Cloud provides and configures an SSL certificate for the host. You can't use a custom certificate with FileMaker Cloud.
Enable HTTP Strict Transport Security
If FileMaker Server has a valid SSL certificate, HTTP Strict Transport Security (HSTS) restricts web clients to HTTPS connections. Once a web client connects to FileMaker Server via HTTPS with HSTS, the web browser prevents the client from using an HTTP connection for content hosted by FileMaker Server.
HSTS is enabled in FileMaker Server when you import a custom SSL certificate.
- HSTS is always enabled in FileMaker Cloud products.
- macOS: In FileMaker WebDirect, when HSTS is enabled, make sure that custom homepages and custom web content are hosted in the Web Publishing Engine HTTPS directory.
Test for SSL encryption
To test the encryption between FileMaker Server or a FileMaker Cloud product and FileMaker Pro or FileMaker Go clients, use the Get(ConnectionState) function. It will return a value of:
- 0 for no network connection for the current file.
- 1 for a connection that is not encrypted (FileMaker Server with SSL disabled, or to a FileMaker Pro host).
- 2 for a connection that is encrypted but for which the SSL certificate for FileMaker Server cannot be verified. You may be connected to a server pretending to be your actual destination, which could put your confidential information at risk.
- 3 for a connection that is encrypted with a verified SSL certificate.
For example, write a script to run when a file is opened that alerts the user if the connection to FileMaker Server is not secure.
The user may see a lock icon in the FileMaker Pro Open File dialog box, the upper-right corner of the FileMaker Pro window, or the FileMaker Go Opening File screen.
- is equivalent to Get(ConnectionState) returning 1.
- is equivalent to Get(ConnectionState) returning 2.
- is equivalent to Get(ConnectionState) returning 3.
- If clients use the IP address of the server rather than the fully qualified host name, they may see an encrypted connection where the SSL certificate for FileMaker Server cannot be verified. To see an encrypted connection with a verified SSL certificate, your clients should add the fully qualified host name as a favorite host in the Hosts dialog box in FileMaker Pro and the Launch Center in FileMaker Go.
Java security considerations
FileMaker Server and FileMaker Cloud products require a minimum update of Java Runtime Environment (JRE). In FileMaker Cloud products, the minimum version of Java is installed when you create your instance.
Because of changes to Java licensing, FileMaker Server no longer installs JRE, which is needed for using Custom Web Publishing and FileMaker WebDirect. To use these web-related services, you must install either OpenJDK or Oracle JRE. After enabling the Web Publishing Engine on the master and each worker machine in Admin Console, follow the onscreen instructions that appear. For details and installation steps, search for "JDK" in the Knowledge Base.
Check for Java security updates posted to the java.com website. In addition, see the Knowledge Base article "FileMaker Server and Java," which lists the minimum version of Java that you should use with FileMaker Server. Before applying an update to Java on the machine where FileMaker Server is installed, review the information in this article. If you encounter issues after applying an update to Java, remove the update and revert to the minimum version of Java required by FileMaker Server.
PHP security considerations
Custom Web Publishing with PHP requires a PHP engine on the machine where FileMaker Server is located. When you install FileMaker Server, a version of the PHP engine is installed. However, you can choose to use your own PHP engine.
Security updates to PHP are frequently posted to the php.net website. FileMaker Server updates may include PHP updates, but the php.net website provides PHP updates more frequently. To apply PHP updates more frequently, install and maintain your own PHP engine.
If you maintain your own PHP engine, you must manually install the FileMaker API for PHP in order to use Custom Web Publishing with PHP. See FileMaker Server Custom Web Publishing Guide.
- FileMaker Cloud products don't support Custom Web Publishing and don't use PHP.
Replace the default web server page
FileMaker Server uses a default FileMaker Database Server Website page. This page doesn't reveal any security information about your server, but it does indicate that the server is running FileMaker Server. Clients can view the default page at these URLs:
where [host] is the IP address or domain name of the master machine in your FileMaker Server deployment.
To replace this default page, replace the index.html file, which is on the master machine at these locations:
- Windows: [drive]:\Program Files\FileMaker\FileMaker Server\HTTPServer\conf\index.html
- macOS (for HTTP): /Library/FileMaker Server/HTTPServer/htdocs/index.html
- macOS (for HTTPS): /Library/FileMaker Server/HTTPServer/htdocs/httpsRoot/index.html
Other security considerations
Apply updates regularly
Software updates for FileMaker products may contain security improvements. Install updates to keep your FileMaker software as secure as possible. See Downloads and Resources.
Use the most recent operating system versions certified by Claris International Inc.
Apply updates to device drivers and to additional software used with your FileMaker software, such as ODBC drivers.
Use strong passwords
The FileMaker Platform uses passwords for authentication in several areas. FileMaker Server and FileMaker Cloud products require passwords for their administrator accounts. FileMaker Pro allows you to define account passwords and encryption passwords. When you are creating a password, FileMaker software analyzes the password and notifies you of the password's strength.
For account passwords, you can use external authentication (FileMaker Server only) or OAuth identity provider authentication (FileMaker Server or FileMaker Cloud for AWS). With external authentication, you manage passwords using Active Directory in Windows or Open Directory in macOS rather than storing the passwords in FileMaker software. With OAuth identity provider authentication, you manage passwords using supported OAuth identity providers such as Amazon or Google. See Set up external authentication and Set up OAuth identity provider authentication.
For FileMaker Cloud, users and team managers authenticate with Claris ID or external IdP accounts to use Claris Customer Console and to open hosted files. Claris ID users manage their own passwords and can set up multifactor authentication. See Claris Customer Console Help.
Test security settings
When you have completed setting up FileMaker Platform security features, test the security of your custom app.
- Set up a test account for each privilege set. Make these accounts active for testing and inactive in your production system.
- Define a checklist of features and functions to test. Step through the checklist with each test account.
- Document your results.
- Repeat testing when new functionality is added.
Continually evaluate your security implementation to make sure your data is still protected. Verify that users have the latest, most secure versions of their operating systems and FileMaker software.
Comply with regulatory requirements
It is your responsibility to fully understand your security compliance requirements and take the appropriate steps.
In addition to the guidelines outlined in this document, depending on your internal or regulatory requirements (COBIT, HIPAA, ISO, PCI, NIST, FIPS, and so on), there may be additional steps you need to take.
- If you need to encrypt all network traffic, turn on SSL in FileMaker Server and then configure SSL for applications and external servers that communicate with FileMaker Server or the FileMaker Cloud product.
- If you have minimum password standards, use an external authentication server.
- If you need an audit trail, you can build one with FileMaker Pro using tables and scripts. For more complex requirements, consider using a commercially available audit plug-in.
- Windows: Because FileMaker Server depends on Windows for managing SSL, install the latest Windows security updates.
Provide documentation on a layout in your custom app or on a webpage to explain to users how to securely interact with the app. Include information about accounts and passwords, how to connect securely to FileMaker Server or the FileMaker Cloud product, how to use functions and scripts, and any other security concerns or requirements regarding your app.
Quick reference guide for routine operations
|Manage accounts, privileges, extended privileges, or file access||
Choose File menu > Manage > Security.
|Immediately stop someone from accessing any data||
Claris Customer Console:
Removing licensed users without disconnecting clients doesn't immediately prevent users from accessing data. They can continue to access data until they sign out.
Making the account access entry in the file inactive has no effect on a user who is currently signed in. It will prevent only subsequent attempts to sign in.
If the user has access via an external authentication group, remove the user from the external authentication group or disable the user's account in the external authentication server.
In an emergency, close the file to prevent access by everyone.
|Force a user to change their password (FileMaker file accounts only)||
Note: You can also write a script to force more than one user to take this action.
If the user has access via external authentication, manage the password using your Active Directory or Open Directory server.
|View log files||
Types of encryption used by the FileMaker Platform
The FileMaker Platform encrypts data in different ways depending on how the data is stored or transmitted. This table lists the cipher types used when the FileMaker Platform encrypts data.
|Account password||One-way hash|
|Admin Console password||One-way hash|
|Database Encryption||AES-256 CBC mode|
|CryptEncrypt and CryptDecrypt functions, FileMaker custom app upgrade tool||These functions use the PBKDF2 algorithm to convert the specified key into a cryptographic key before it encrypts or decrypts data. This key encrypts data using the AES-GCM authenticated encryption algorithm at the 128-bit level. The result includes an encrypted SHA256 digest of data, which validates the data during decryption. The FileMaker custom app upgrade tool uses these functions to encrypt and decrypt patch files.|
|Secure Storage of container data (with Database Encryption disabled)||AES-128 CBC mode|
|Secure Storage of container data (with Database Encryption enabled)||AES-256 CBC mode|
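The PBKDF2-then-AES-GCM construction described for CryptEncrypt and CryptDecrypt, shown in Node.js as an added example (not Claris code, and not interoperable with FileMaker's output). The salt and IV sizes, iteration count, PBKDF2 hash and blob layout are assumptions; integrity here rests on the GCM tag alone.

```javascript
// Added example: password-based AES-128-GCM. All parameters below are
// assumptions chosen for illustration; this is NOT FileMaker's data format.
const crypto = require('crypto');

const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;
const ITERATIONS = 100000; // assumed PBKDF2 work factor

function deriveKey(passphrase, salt) {
  // PBKDF2 stretches the caller-supplied key into a 128-bit AES key.
  return crypto.pbkdf2Sync(passphrase, salt, ITERATIONS, 16, 'sha256');
}

function encrypt(passphrase, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN); // must be unique per message
  const cipher = crypto.createCipheriv('aes-128-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Assumed layout: salt | iv | tag | ciphertext
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

function decrypt(passphrase, blob) {
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv(
    'aes-128-gcm', deriveKey(passphrase, salt), iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() throws when the tag does not verify: wrong key or modified data.
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

function tryDecrypt(passphrase, blob) {
  try {
    return { ok: true, text: decrypt(passphrase, blob) };
  } catch (e) {
    return { ok: false, text: null };
  }
}
```

Because the mode is authenticated, a wrong key and a single flipped bit both fail the same way: decryption is refused and no plaintext is returned.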
Ports used by FileMaker Server and FileMaker Cloud for AWS
See Ports used by FileMaker Server in the Knowledge Base.
Ports used by FileMaker Cloud for AWS are viewed and edited in the Amazon Web Services Elastic Compute Cloud (EC2) Dashboard. For managing ports in your security group, see FileMaker Cloud for AWS Getting Started Guide in the Product Documentation Center.