Jump to content
  • Our picks

  • Topics

  • Blog Entries

    • By John Mark Osborne in The Philosophy of FileMaker
         0
      The biggest mistake I see amateur developers make is using relationships and calculations to create reports. They work great in single-user mode with test records. Put that same solution in a multi-user environment with thousands of records and performance starts to grind to a halt. Add a WAN into the mix and it degrades the speed even further. The same is true for dashboards which often use the same techniques. The aim of this article is to teach standard reporting methods for beginners and seasoned developers alike. While the topics include mostly beginner and intermediate subjects, we'll dive into a couple advanced examples at the end.

      View the full article
    • By Kevin Frank in FileMaker Hacks
         0
      Last year I posted a couple articles on the topic of virtual list reporting (part 1 and part 2), a.k.a. VLR. Today we’re going to look at some additional things you can do with VLR, and to avoid a lot of repetition, this article will assume the reader is familiar with the material covered in […]

      View the full article
    • By FileMaker Magazine in FileMaker Magazine
         0
      Our FileMaker Custom Function database is moving along quickly as we add more user-based features. The feature being added in this part of the series is a Tags/Tagging feature where it takes the concept of a “favorite” much further.
      Rather than using a single field for tagging a record as a favorite, we’ll be using a join table and allowing the user to add as many different tags as desired. The implementation applies to “all users” of the database system, but could easily be modified to become a user centric tagging feature - such that each user could maintain their own set of tags and tagged records.
      Understanding how to implement the full suite of options for interacting with tags is the key to making this feature so valuable for the user. This video will walk you through the pieces and parts of how to implement this useful functionality.
      Click the title or link to this article to view the video.

      View the full article
    • By Skeleton Key in Skeleton Key's Blog
         0
      Mark Richman, President, Greg Lane, VP of Application Development, and Application Developers: Chad Adams, Jay Sayers, Todd Stark, and Jeremy Upton, are headed to Phoenix, AZ from July 24-27 to participate in FileMaker, Inc.'s annual Developer Conference aka DevCon. They'll be staying at The JW Marriott Phoenix Desert Ridge, host hotel of more than 50 DevCon sessions. They will join over 1,500 FileMaker developers to network, catch up with colleagues. Primarily, they will take advantage of the variety of session tracks, to further their knowledge with tips, best practices, and techniques to continue building powerful business solutions for our clients.
      Mark R., Greg L. and Chad A. will have the honor to host the following sessions:
      Tuesday, 7/25, 2:15pm, Grand Saguaro North: 7 Tips for Getting More out of  FileMaker Cloud, with Greg Lane (Deployment Track) Wednesday, 7/26, 10:30am, Grand Saguaro East/West: The Power of Bidirectional Relationships, with Chad Adams (Intermediate Track) Wednesday, 7/26, 1pm, Grand Canyon 7: Security 101, with Mark Richman (Beginner Track) Wednesday, 7/26, 2:15pm, Grand Saguaro East/West: Introduction to SQL and ODBC for FileMaker Developers, with Greg Lane (Intermediate Track) Read more ›
      The post Skeleton Key is Headed to FileMaker DevCon 2017 appeared first on FileMaker Development Company.

      View the full article
    • By Steven H. Blackwell in FileMaker Security Blog
         0
       
      FileMaker DevCon To Convene
      Against Backdrop
      Of Cyber-Attacks Across The Globe
       
       
      July 18th 2017
       
       
      In just a few days, four generations of FileMaker developers and users from all over the world will gather for the 22nd Annual FileMaker DevCon, held this year in Phoenix, Arizona. We will do so against an unprecedented backdrop of critical security issues facing businesses and organizations all over the world.  Organizations of all sizes and from every business sector are vulnerable.  Small to medium-sized businesses are particularly so, especially in the areas of financial services, health care services, and retail services.
      Jeff John Roberts and Adam Lashinsky, the latter well-known as a chronicler of FileMaker, Inc.’s parent company, reported recently:
      …business is under assault like never before from hackers, and the cost and severity of the problem is escalating almost daily.
      (Cybersecurity: How Business Is Protecting Itself
       
      http://fortune.com/2017/06/22/cybersecurity-business-fights-back/)
       
       
      Bob Pisani, well-known business reporter for CNBC, also recently reported on a major cyber-attack:
      …snack food and beverage giant Mondelez International became the latest victim of a cyber attack. The company said it was hit with an attack on June 27 that compromised its ability to ship and send invoices during the last four days of its second quarter.
       
       
      What made this call unusual is that the company quantified exactly how much the attack hurt them: Its preliminary estimate of the impact indicates a 3 percent slice off its revenue growth rate for the quarter.
      (Cybersecurity stocks rally as global hackings start to impact corporate bottom lines
       
      http://www.cnbc.com/2017/07/07/cybersecurity-stocks-rally-on-mondelez-hacking.html)
       
       
      Additionally, in May of 2018 developers and their client organizations on both sides of the Atlantic will become subject to the comprehensive General Data Protection Regulation (GDPR) promulgated by the European Union (EU). Organizations that store data about EU citizens are bound by the GDPR strictures, irrespective of where the organization itself resides.  It will remain to be seen how the EU is able to enforce those requirements outside its own boundaries.
      These issues, of course, also apply to platforms other than FileMaker. But as the developers, administrators, custodians, and users of business systems based on the FileMaker Platform, our principal concerns must be the identification and management of these issues.
      These are not principally technical or programming issues.  They are—first and foremost—business issues:  business criminal and civil liability, business continuity, and business reputation among them.
      ·      Organizations of every type face criminal and civil liability sanctions if a data breach occurs.
      ·      Some attacks and breaches can literally speaking put an organization out of business, rendering it unable to continue functioning and to provide its designated services.
      ·      Even if an organization is able to recoup and to continue, its reputation will be damaged and its brand diminished.
      As FileMaker developers we all have a responsibility to our clients to design our business solutions and to deploy and operate them with these security constraints in mind.  As in-house developers and administrators, we likewise have the responsibility to our customers, our shareholders, our members, and our fellow employees to operate our database systems in a responsible and careful fashion.
      What are some of the more significant and damaging exploits that some Threat Agent could employ against FileMaker Platform business management solutions?  And who are those Threat Agents?
      Threat Agents include a variety of actors, some malevolent, some hapless, some innocent:
      ·      Malicious Outsiders seeking financial gain or seeking to disrupt the organization’s business processes.
      ·      Malicious Insiders, current or former employees, or parts of an organization’s supply chain.
      ·      Inept Insiders who accidentally or unknowingly cause security-related incidents that damage, delete, or otherwise alter critical organizational data.
      ·      Threads in the Supply Chain where carelessness or poor security practices facilitate damage to our own organizational data and functioning.
      ·      Finally, although this by no means is a complete list, inattentive or unknowing developers, administrators, or custodians of FileMaker Platform business management solutions who do not follow Best Practices for Security and management of those systems.
       
       
      What type of exploits can Threat Agents employ that damage these solutions and thereby damage the organization as well?
      ·      Deleting of data, intentional or accidental.
      ·      Altering of data, either obvious or (more problematically) subtle in nature.
      ·      Extracting of data for competitive business purposes or for use for embarrassing or damaging the organization.
      ·      Adding of spurious data.
      ·      Manipulating of tracking processes for key business activities such as invoice or accounts payable processes.
       
       
      What can FileMaker Platform developers and administrators do to protect against these exploits, to lessen vulnerabilities, and to reduce risks of their occurring?  Security Check Lists are almost always bad ideas, because they overlook the dynamic and on-going nature of vulnerabilities, threats, and risks.  Nevertheless, here are a few items to consider:
      ·      Use FileMaker Server and invoke Encryption in Transit for data flowing across networks.
      ·      Employ Encryption at Rest on the database files.  One of the most frequently used attack vectors is getting a copy of the files and performing attacks on them.
      ·      Use File Access Protection on all files in the business management solution to prevent unauthorized access to fields, tables, scripts, value lists, and similar schema elements.
      ·      Use finely-grained Privilege Sets.  Respect the Rule of Least Privileges that states “Users should have all the privileges necessary successfully to fulfill their roles, but no more and no higher privileges.”  Escalation of privileges is a major vulnerability.
      ·      Employ strong credentials to access the FileMaker business management solution.  Use the tools that FileMaker, Inc. provides.  Do not try to invent your own system for doing this. Those artificial or ersatz security systems are rife with vulnerabilities.  This is particularly true of those that first grant access to the file, even at a diminished level of Privileges, and then require the user to take some actions or go through some process before using the system.
      ·      Remember that the User Interface is not part of the Security Schema.  Just because you cannot see or change something via the UI does not mean that an Attacker cannot see it, alter it, or delete it.
       
       
      I will hope to see many of you at the Developer Conference.  And I would be happy to discuss any of these items with you in greater detail.
       
      Steven H. Blackwell
×

Important Information

By using this site, you agree to our Terms of Use.