mbarrett65

WebDirect -- how secure?

5 posts in this topic

I currently have a FileMaker 15 solution running on FileMaker Server 15 Advanced. We are currently accessing the solution on WebDirect via VPN connection. I would like to open ports 80/443 so that users could access the solution without connecting to VPN. However, my IT department has flagged security concerns. My question is how real the security concerns are. I know that FileMaker Server 15 Advanced should be encrypting the data. Would that make a non-VPN connection secure? Thanks for any advice.


What were the security concerns that they raised?

There is a lot more to security than just using SSL to encrypt the data in transit.


Thanks for your response. I think they felt the browser access via ports 80/443 would make the DB vulnerable to hacking. 


Well, you do shift the main outward-facing login from the VPN to WebDirect. I can imagine the IT department not liking to lose control. How safe your DB is then shifts to how safe you make your solution on FileMaker Server. Still, if you secure it well, you should be fine.

A couple of basic things to keep in mind:

1. Disable the FileMaker Server resources that you don't actively use: XML, ODBC and PHP API.

2. Use External Authentication to let the IT department be the administrator of the user accounts.

3. Be sure to remove all files without good account security, i.e. sample files or files with open guest access. Don't list open files without login.

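As an added example that is not part of the original posts: a small check, run from outside the perimeter after ports 80/443 are opened, that confirms nothing else on the FileMaker Server host became reachable and that WebDirect is not offered over plain HTTP only. The port list (2399, 5003, 16000, 16001) is FileMaker Server's default port assignment and is an assumption not stated in the thread; the function names and host name are hypothetical.

```python
import socket

# Intended Internet-facing surface once the VPN is no longer required.
PUBLIC = {80: "HTTP", 443: "HTTPS (WebDirect)"}
# FileMaker Server default ports that should stay internal (documented
# defaults, assumed here; the thread itself only mentions 80/443).
INTERNAL = {
    2399: "ODBC/JDBC",
    5003: "FileMaker Pro/Go client traffic",
    16000: "Admin Console",
    16001: "Admin Console",
}


def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(host, probe=tcp_probe):
    """Run from OUTSIDE the perimeter; return (severity, port, message) tuples."""
    findings = []
    open_public = {p for p in PUBLIC if probe(host, p)}
    if 443 not in open_public and 80 in open_public:
        findings.append(("fail", 80,
                         "HTTP reachable without HTTPS: logins would be unencrypted"))
    for port, role in INTERNAL.items():
        if probe(host, port):
            findings.append(("fail", port, f"{role} port reachable from outside"))
    return findings


if __name__ == "__main__":
    # Constructed scenario: 80/443 were opened but ODBC/JDBC was left exposed.
    constructed_open = {80, 443, 2399}
    fake_probe = lambda host, port: port in constructed_open
    for sev, port, msg in audit_exposure("fms.example.internal", fake_probe):
        print(f"[{sev}] tcp/{port}: {msg}")
```

Against a real deployment, call `audit_exposure(host)` with the default probe from a network outside the firewall; an empty result means only the intended web ports answer.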

Thank you for these tips, much appreciated!

