
About this blog

Discusses issues of Confidentiality, Integrity, and Availability of FileMaker Pro databases.

Entries in this blog

Protect Your FileMaker Server and Files From A Vulnerability

I have recently learned that there may be any number of FileMaker Server installations world-wide that are hosting files that open automatically without credentials challenge to the [Full Access] Privilege Set. The default-installed FileMaker Server Sample File is one of these; however, there are others. This is not such a good practice. Such files offer an attractive attack vector that a Threat Agent can use to inflict damage on the FileMaker Server machine or on its hosted files. If a Thr

Steven H. Blackwell

FMI Security Webinar

On February 11th FileMaker, Inc. presented two webinars on FileMaker Platform Security. I am highly gratified that FileMaker, Inc. did this. These webinars, conducted by Consulting Systems Engineer Rosemary Tietge, clearly laid out the case for following Best Practices for securing files and their data across all elements of the FileMaker Platform. I want to expand on a number of recommendations about enhancing FileMaker file security from those webinars. By way

Steven H. Blackwell

Newest Version of FileMaker Platform Brings Significant Major Security Enhancement

FileMaker, Inc. today released the latest version of its Platform: FileMaker® Pro 13, FileMaker® Pro 13 Advanced, FileMaker® Server 13, and FileMaker® GO 13. This release brings many significant new features to the platform including the innovative FileMaker WebDirect client access. But to me the most significant enhancement is Encryption of Data at Rest (EAR). Addition of this critical and key function

Steven H. Blackwell in General

Default Security Settings in FileMaker Pro

From time to time people ask me why the Privilege Set bits in FileMaker Pro are all turned OFF by default. Would it not be easier and better for security purposes, the questions go, if all these were turned ON instead? The answer is No; here is why. First, some history. Prior to the introduction of FileMaker® Pro 7 in March 2004, all of the privileges–as they then existed–were turned on by default. Developers then had to wade through a veritable sea of settings and options to limit acc

Steven H. Blackwell

FileMaker Security Survey Reveals Interest and Some Confusion

During early and mid-July, I posted on FM Forums a multi-question survey asking people about their use of various FileMaker product security features. I also asked for any comments or for any recommendations they might have for enhancing product security features.

The results are interesting. They reveal a high level of use of many security features; they also indicate some areas of confusion about how security features in FileMa

Steven H. Blackwell

Assessing Threats, Vulnerabilities, and Risks to FileMaker Pro Databases

Hosted FileMaker Pro databases are susceptible to unauthorized access, manipulation, destruction, and other forms of compromise. Developers and server administrators need to understand how to assess threats and the risks of those risk’s occurring as various threat agents seek to exploit vulnerabilities. This process starts with an understanding of the environment where the databases operate. We h

The Beginning Of Wisdom

“What's in a name? that which we call a rose, By any other name would smell as sweet.” —Juliet (Romeo and Juliet, Act II, Scene 2, William Shakespeare)

“The beginning of wisdom is to call things by their proper name.” —Confucius

An entire series of recent studies[1] published by well-known and well-renowned international security analysis and information industry firms have all made, in slightly varying language, the following key points: Da

Ten Frequently Encountered Practices That Can Compromise Security of FileMaker Pro Files

April 9th 2013. In our last installment, I noted: “In 2013, I will be focusing on promoting the goal of achieving that understanding [meaning understanding FileMaker Server] along with the parallel and related one of overcoming a similar lack of understanding and awareness about FileMaker security items.” In this post I want to focus on ten frequently encountered practic

Steven H. Blackwell

Unskilled and Unaware

Nearly fourteen years ago two Cornell University psychologists authored a definitive study titled Unskilled and Unaware of It. Their core thesis was that persons who were unskilled in any number of domains suffered a dual burden. They reach erroneous conclusions and make incorrect and unfortunate choices on the one hand. And second, their lack of knowledge and competence robs them of the ability to recognize their errors. They are incorrect; yet, they believe that they

Steven H. Blackwell

FileMaker Server 12 BackUps FAQs

FileMaker® Server 12 has a number of new features for creating backups of databases it hosts. As evidenced by questions raised at the 2012 DevCon and as evidenced by a number of items posted on various FileMaker lists, there is a good deal of confusion still about how the new backup system works. Wim Decorte and I have authored a short set of Frequently Asked Questions along with their answers about this topic. You can downloa

Steven H. Blackwell

FileMaker® Server 12: Bold New Steps

April 27th--Update. We were recently advised that a last minute change in the encryption level of secure storage resulted in that encryption's being 128 bit, not 256 bit as the attached document on Containers states. This is still a strong level of encryption.   April 4th 2012 Today’s release of FileMaker® Server 12, together with its companion FileMaker Pro and FileMaker GO products, marks another important milestone on the FileMaker, Inc. Product Roadmap. FileMaker Server is at the center

Steven H. Blackwell

External Server Authentication and [Full Access] Privileges… Life (or FileMaker) May Not Be What At First It Seems

By Steven H. Blackwell. Someone recently advised me about a discussion on a FileMaker List that focused on the supposed ability of a user with an Account authenticated by External Server Authentication and attached to the [Full Access] Privilege Set to make changes in a hosted file’s security schema. (Technically this is a Group, not an Acco

Steven H. Blackwell

Gas, Liquid, or Solid: Drive On

By Steven H. Blackwell. January 3rd 2012. Happy New Year to FileMaker developers and users around the world. We have a lot of work to do in the FileMaker World in 2012, and I am eager to get started. A very key element and requirement for the reliable and safe deployment of FileMaker Pro files is, of course, FileMaker Server. And, of all the components of a FileMaker Server deployment, none is more important, I woul

Steven H. Blackwell

A Different Perspective On Recently Released FileMaker, Inc. How To Paper Regarding External Authentication Configuration

By Wim Decorte and Steven H. Blackwell. I am pleased to have as co-author of this BLOG posting the renowned and exceptionally highly regarded “developer’s developer” Wim Decorte. FileMaker, Inc. recently published a FileMaker How To article entitled Replicating an External Authentication Environment for Develop

Steven H. Blackwell

Locks, Keys, and Lock-Picking

By Steven H. Blackwell, Platinum Member Emeritus, FileMaker Business Alliance. Recently, an experienced FileMaker Pro developer posed a question on a developer group list about the behavior of FileMaker Pro files. Paraphrased, that question is as follows: We've come across a small, but possible, security issue. If a user has clicked the "Remember my password in my keychain", anyone can log in to the FMP system if the person has access t

Steven H. Blackwell

Did You Hear What I Said?

July 26th 2011. By Steven H. Blackwell. News media on both sides of the Atlantic were all agog last week over the alleged hacking of cellular phone voice mail accounts of politicians and crime victims by reporters of the now defunct News of the World tabloid. These are serious matters, and much of the coverage has been appropriately professional. Other media coverage however can be characterized in my view as lurid and as having an undertone of “Lo

Steven H. Blackwell

Back Me Up, Don’t Take Me Out, Are You Never Gonna Do That?

By Steven H. Blackwell. June 13th 2011. Well, with apologies to Emilia De Poret, this adaptation of her hit song’s title pretty well describes the system and process of FileMaker Pro file backups. Most all developers and IT Administrators who design or manage FileMaker solutions and deploy them in conjunction with FileMaker Server understand that a good backup system is absolutely one of several major requirement

Steven H. Blackwell

The Power and Advantages Of External Server Authentication With FileMaker Server

By Steven H. Blackwell. May 9th 2011. Since the advent of FileMaker® Server 7 in 2004, FileMaker developers have been able to employ External Server Authentication for controlling Identity and Access Management to FileMaker files when hosted by FileMaker Server. Yet, either from lack of knowledge or from incorrect assumptions about the process, many do not employ this powerful option.

Permissive Versus Restrictive Privileges In FileMaker Pro Databases

By Steven H. Blackwell. April 25th 2011. In older versions of FileMaker Pro, those prior to FileMaker® Pro 7, privileges were, by default, permissive. This means that users were allowed to perform all actions by default. With the introduction of the modern versions of the FileMaker Family of Products, with their appropriate focus and attention to industry standards in the security realm, the default privile

Steven H. Blackwell

Cloud Computing, Remote Hosting And FileMaker Pro Databases

Welcome to the first posting to my new FileMaker Security blog. From time to time, I’ll be discussing issues of significance and importance related to FileMaker Pro and FileMaker Server security. In all these discussions I will keep foremost the concept that security is supposed to be focused on the preservation of the Confidentiality, Integrity, and Availability (CIA) of digital assets, and sometimes of physical ones. This first posting will focus on issues related to cloud computing secu

Steven H. Blackwell
