mbarrett65

WebDirect -- how secure?

5 posts in this topic

I currently have a FileMaker 15 solution running on FileMaker Server 15 Advanced. We are currently accessing the solution on WebDirect via VPN connection. I would like to open ports 80/443 so that users could access the solution without connecting to VPN. However, my IT department has flagged security concerns. My question is how real the security concerns are. I know that FileMaker Server 15 Advanced should be encrypting the data. Would that make a non-VPN connection secure? Thanks for any advice.

What were the security concerns that they raised?

There is a lot more to security than just using SSL to encrypt the data in transit.

Thanks for your response. I think they felt the browser access via ports 80/443 would make the DB vulnerable to hacking. 

Well, you do shift the main outward-facing login from the VPN to WebDirect. I can imagine the IT department not liking to lose control. How safe your DB is then shifts to how safe you make your solution on FileMaker Server. Still, if you secure it well, you should be fine.

A couple of basic things to keep in mind:

1. Disable the FileMaker Server resources that you don't actively use: XML, ODBC and PHP API.

2. Use External Authentication to let the IT department be the administrator of the user accounts.

3. Be sure to remove all files without good account security, i.e. sample files or files with open guest access. Don't list open files without login.

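Added example, not part of the original posts: a Python check an administrator can run against their own server to confirm points 1 and 3 of the list above as seen by a client with no credentials. The `/fmi/xml` path, the `-dbnames` query, the treatment of HTTP 401 and the finding labels are assumptions of this example; confirm them against your server version's documentation.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# Assumption: XML publishing (which the PHP API also talks to) is served under
# /fmi/xml on the same ports 80/443 as WebDirect; -dbnames asks for hosted files.
DBNAMES_PATH = "/fmi/xml/fmresultset.xml?-dbnames"
NS = {"fm": "http://www.filemaker.com/xml/fmresultset"}

# Constructed sample of an fmresultset reply that names one hosted file.
SAMPLE_LISTING = b"""<?xml version="1.0" encoding="UTF-8"?>
<fmresultset xmlns="http://www.filemaker.com/xml/fmresultset" version="1.0">
  <error code="0"/>
  <resultset count="1" fetch-size="1">
    <record mod-id="0" record-id="0">
      <field name="DATABASE_NAME"><data>Constructed_Sample</data></field>
    </record>
  </resultset>
</fmresultset>"""


def fetch_anonymous(base_url, timeout=5):
    """Send one request without credentials; return (status, body)."""
    try:
        with urllib.request.urlopen(base_url + DBNAMES_PATH, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as exc:   # 4xx/5xx still carry a status
        return exc.code, exc.read()
    except OSError:                         # refused, timed out, DNS failure
        return None, b""


def classify(status, body):
    """Return (finding, file_names) for an anonymous -dbnames response."""
    if status is None:
        return "unreachable", []
    if status == 401:                       # assumption: server asks for a login
        return "xml-enabled-login-required", []
    try:
        root = ET.fromstring(body) if status == 200 else None
    except ET.ParseError:
        root = None
    error = root.find("fm:error", NS) if root is not None else None
    if error is None:                       # not an fmresultset document
        return "xml-not-served", []
    if error.get("code") != "0":
        return "xml-answers-error-" + error.get("code", "?"), []
    names = [d.text for d in root.findall(
        ".//fm:field[@name='DATABASE_NAME']/fm:data", NS) if d.text]
    return ("xml-lists-files" if names else "xml-enabled-no-files"), names
```

Run `classify(*fetch_anonymous("https://your-server.example"))` from outside the VPN. A finding of `xml-lists-files` means the XML/PHP interface is still answering on the WebDirect ports and naming files to a caller who has not logged in.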

Thank you for these tips, much appreciated!
