Jump to content

  •  

Photo

Encryption in FMP13 advanced


  • Please log in to reply
11 replies to this topic

#1 fed  enthusiast

fed
  • Members
  • 182 posts
  • LocationToronto, Canada
  • FM Application:13 Advance
  • Platform:Mac OS X Mountain Lion
  • Skill Level:Intermediate
  • Time Online: 1d 2h 46m 47s

Posted 08 January 2014 - 06:32 PM

I am very happy to hear that FMP13 Advanced offers database encryption.  I got the demo, but the encryption feature is not available in the demo.  I contacted Filemaker to ask about encryption, but they did not respond.

 

Has anyone tried the new encryption out?  I am very interested in how it is implemented as well as it's functionality and security strength.

 

Any help would be greatly appreciated.

 

 

Thank you in advance,

 

Fed


  • 0

#2 Ocean West  I have an idea!

Ocean West
  • Administrators
  • 2,752 posts
  • LocationSan Diego
  • FM Application:13 Advance
  • FMGo:iPhone / iPod Touch, iPad
  • Platform:Mac OS X Mavericks
  • Skill Level:Expert
  • Certification:7, 8, 9, 10, 11, 12, 13
  • Membership:TechNet, FileMaker Business Alliance
  • Time Online: 44d 12h 34m 20s

Posted 08 January 2014 - 10:41 PM

FileMaker Encryption At Rest is to protect the file from threat agents, should your file be on a backup or on a disk. It requires FileMaker Pro Advance to enable. In addition there is SSL encryption for securing the data between Server and Client(s)  (Pro, Go, WD)

 

 

Here is some most excellent information:

 

http://fmforums.com/...ty-enhancement/


  • 0
Stephen Dolenski
FM Forums.com Founder, Administrator

#3 Steven H. Blackwell  Humble Servant

Steven H. Blackwell
  • Moderators
  • 4,737 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Expert
  • Certification:7, 8, 9, 10, 11, 12
  • Membership:FileMaker Business Alliance, FIleMaker Platinum Member
  • Time Online: 8d 22h 10m 11s

Posted 09 January 2014 - 04:41 AM

Encryption at Rest (EAR) uses industry-standard 256 bit encryption.  Always select a strong encryption password.  There is a small meter in the developer utilities section where EAR resides that will give you the strength.

 

Steven


  • 0

Steven H. Blackwell
Platinum Member Emeritus, FileMaker Business Alliance
Platinum Member, FileMaker Business Alliance (2007-2011)
Partner Member, FileMaker Solutions Alliance (1998-2007)
Partner Member, Claris Solutions Alliance (1997)
FileMaker Certified Developer 7|8|9|10|11|12
FileMaker Authorized Trainer 9|10|11|12
_ _ ____________________________ _ _
http://www.fmp-power.com
http://www.filemakersecurity.com


#4 fed  enthusiast

fed
  • Members
  • 182 posts
  • LocationToronto, Canada
  • FM Application:13 Advance
  • Platform:Mac OS X Mountain Lion
  • Skill Level:Intermediate
  • Time Online: 1d 2h 46m 47s

Posted 09 January 2014 - 05:36 AM

Thanks.

 

Can you encrypt individual records, or just the whole database?

 

What about encrypting exported files?

 

Also, if I use a 2nd FMP database that can be shared between 2 users (at different times) can encryption be used for that file?

 

Thanks again


  • 0

#5 Ocean West  I have an idea!

Ocean West
  • Administrators
  • 2,752 posts
  • LocationSan Diego
  • FM Application:13 Advance
  • FMGo:iPhone / iPod Touch, iPad
  • Platform:Mac OS X Mavericks
  • Skill Level:Expert
  • Certification:7, 8, 9, 10, 11, 12, 13
  • Membership:TechNet, FileMaker Business Alliance
  • Time Online: 44d 12h 34m 20s

Posted 09 January 2014 - 08:24 AM

Whole database.

 

No encryption on exported files. 

 

Any database that is encrypted can be "shared" first user that opens he file must present both the EAR and account credentials. 

 

For any additional encryption (field level or record level) you can use a plugin but that adds more overhead and time to encrypt & decrypt. 

or you may need to store a Hash of the unencrypted data so you could search the database by hashing the search string then matching the hashes.


  • 0
Stephen Dolenski
FM Forums.com Founder, Administrator

#6 Steven H. Blackwell  Humble Servant

Steven H. Blackwell
  • Moderators
  • 4,737 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Expert
  • Certification:7, 8, 9, 10, 11, 12
  • Membership:FileMaker Business Alliance, FIleMaker Platinum Member
  • Time Online: 8d 22h 10m 11s

Posted 10 January 2014 - 05:12 AM

FileMaker Server can be instructed to open the encrypted file for access by authorized users who then authenticate with their credentials.

 

Steven


  • 0

Steven H. Blackwell
Platinum Member Emeritus, FileMaker Business Alliance
Platinum Member, FileMaker Business Alliance (2007-2011)
Partner Member, FileMaker Solutions Alliance (1998-2007)
Partner Member, Claris Solutions Alliance (1997)
FileMaker Certified Developer 7|8|9|10|11|12
FileMaker Authorized Trainer 9|10|11|12
_ _ ____________________________ _ _
http://www.fmp-power.com
http://www.filemakersecurity.com


#7 fed  enthusiast

fed
  • Members
  • 182 posts
  • LocationToronto, Canada
  • FM Application:13 Advance
  • Platform:Mac OS X Mountain Lion
  • Skill Level:Intermediate
  • Time Online: 1d 2h 46m 47s

Posted 13 January 2014 - 06:25 PM

I bought the advanced program, and I got the encryption working.

From a security standpoint, is it really necessary to include an account name and password, if there is only one user, and the file is encrypted?
  • 0

#8 sal88  getting there

sal88
  • Members
  • 102 posts
  • FM Application:9 Advance
  • Time Online: 1d 15h 58m 57s

Posted 20 January 2014 - 03:07 AM

Great development here! 2 queries:

1. One potentiality we need to consider is if our servers are physically moved (stolen) and then switched on elsewhere. Particularly as we have external authentication via AD, this could be a serious problem. Are there any methods that can be employed to stop data access in this scenario?

2. What is the best pre FM 13 EAR solution? The biggest issue for us is protection of the backup files.

 

Many thanks


  • 0

#9 Steven H. Blackwell  Humble Servant

Steven H. Blackwell
  • Moderators
  • 4,737 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Expert
  • Certification:7, 8, 9, 10, 11, 12
  • Membership:FileMaker Business Alliance, FIleMaker Platinum Member
  • Time Online: 8d 22h 10m 11s

Posted 20 January 2014 - 01:00 PM

1.  Never use External Server Authentication to authenticate a [Full Access] Account.

 

2.  Unless they also steal the Domain Controller, they would have to guess the Group Names to spoof the domain.  Possible.

 

3.  Remove the [Full Access] Accounts from the file using the Developer Tool.

 

4.  Employ File Access Protection.

 

5.  Do not use auto-enter credentials.

 

6.  Employ robust and granular Privilege Set construction for all Privilege Sets.

 

Steven


  • 0

Steven H. Blackwell
Platinum Member Emeritus, FileMaker Business Alliance
Platinum Member, FileMaker Business Alliance (2007-2011)
Partner Member, FileMaker Solutions Alliance (1998-2007)
Partner Member, Claris Solutions Alliance (1997)
FileMaker Certified Developer 7|8|9|10|11|12
FileMaker Authorized Trainer 9|10|11|12
_ _ ____________________________ _ _
http://www.fmp-power.com
http://www.filemakersecurity.com


#10 fed  enthusiast

fed
  • Members
  • 182 posts
  • LocationToronto, Canada
  • FM Application:13 Advance
  • Platform:Mac OS X Mountain Lion
  • Skill Level:Intermediate
  • Time Online: 1d 2h 46m 47s

Posted 22 January 2014 - 05:50 AM

What about my question. No server, 1 user. Database on one computer. Encryption enabled, no other security. Is that enough?
  • 0

#11 Steven H. Blackwell  Humble Servant

Steven H. Blackwell
  • Moderators
  • 4,737 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Expert
  • Certification:7, 8, 9, 10, 11, 12
  • Membership:FileMaker Business Alliance, FIleMaker Platinum Member
  • Time Online: 8d 22h 10m 11s

Posted 22 January 2014 - 09:01 AM

Not in my view.  Use Account name and password as FileMaker Pro provides.

 

Steven


  • 0

Steven H. Blackwell
Platinum Member Emeritus, FileMaker Business Alliance
Platinum Member, FileMaker Business Alliance (2007-2011)
Partner Member, FileMaker Solutions Alliance (1998-2007)
Partner Member, Claris Solutions Alliance (1997)
FileMaker Certified Developer 7|8|9|10|11|12
FileMaker Authorized Trainer 9|10|11|12
_ _ ____________________________ _ _
http://www.fmp-power.com
http://www.filemakersecurity.com


#12 sal88  getting there

sal88
  • Members
  • 102 posts
  • FM Application:9 Advance
  • Time Online: 1d 15h 58m 57s

Posted 23 January 2014 - 01:07 AM

Thanks for your help Steven!


  • 0




FMForum Advertisers