Jump to content

FileMaker Security In Depth Questions

SupportGuys89

By SupportGuys89
in Security Concepts

 Share

This topic is 3241 days old. Please don't post here. Open a new topic instead.

Recommended Posts

SupportGuys89 Rookie

SupportGuys89

Posted
Posted

Hello All,

Just a little background info; We have a great application which is used by banking institutions, and we are being asked some due diligence questions based on IT concerns of our client. These are a few of the questions they are asking, and if anyone could provide some insight I would greatly appreciate it.

How is communication encrypted between clients and host?   It is my understanding that this is using a Secure Socket Layer (SSL) connection in between our FileMaker Server and FileMaker Pro/ADV users. We do have SSL enabled on our FileMaker server database settings. Is this sufficient information to answer this question, should more details be provided (SHA type, Hash Values etc..)or is it not necessary?

How and where is our client data encrypted? This is the question that really threw me for a loop. I did take a look at the security documents for FileMaker, but the only mention of encryption is "Data encryption - The data stored within a FileMaker file can be encrypted..." It is my understanding that .FMP files already have some security features in place, such as privilege sets file access levels and so on. However, I know this does not mean encryption. This simply means we have security features on our filemaker data files. How does this relate to encryption or does this at all? Do we need a 3rd party encryption application to handle this? That is just the encryption part of my question, the Where throws me for an even further loop. The Where should be on the database server where our live files are held, as live client data is hosted files, but this part is just my assumption. Again any insight here would be greatly appreciated, hopefully one of the many FileMaker Developer have encountered these types of questions before and can shed some light on the topic.

Thanks!

Link to comment
Share on other sites
Steven H. Blackwell Grand Master

Steven H. Blackwell

Posted
Posted

FileMaker Pro provides for encryption of the individual files.  This is called Encryption At Rest.  The Advanced version of the product provides the tools to invoke this option.  When in place, this encryption applies to the files hosted by FIleMaker Server as well as to backups created by FileMaker Server. Distinguish this please from Encryption In Transit that is invoked on FileMaker Server.  That protects the data while they are in transit across the network.

Encryption is, of course, only one element of a suite of tools and processes needed to assure Confidentiality, Integrity, and Availability as well as Resilience of the FileMaker Pro solution.

 

Steven

  • Like 1
Link to comment
Share on other sites

This topic is 3241 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept