Steven H. Blackwell

A Forward Look About FileMaker Platform Security Developers and users of the FileMaker Workplace Innovation Platform must be concerned about security of their deployed solutions. Likewise, they must have a forward-looking perspective about key issues in this arena. Security has its major purpose the preservation of Confidentiality, Integrity, Availability, and Resilience (CIAR) of their systems. Liabilities resulting from breaches can substantially affect continued business operations, continued business existence, imposition of civil or criminal sanctions, brand reputation, and customer or client confidence. I see at least ten security concerns that the FileMaker Developer Community must consider going forward for the next few years and development cycles: The Business of Security: What Is Security Supposed To Do? Zero Trust implementation for the FileMaker Platform [https://fmforums.com/blogs/entry/2047-federated-identity-management-zero-trust-and-the-filemaker-platform/] Federated Identity Management and the end of FileMaker Accounts in files Native Multi-Factor Authentication (not SMS) Further implementation of Secure by Default and Rule of Least Privileges for the FileMaker Platform Expansion of Roles-Based Construct in the FileMaker Platform SaaS Security Implementation for the FileMaker Platform Building a Culture of Security in the FileMaker Developer Community Building a Culture of Security among the FileMaker Customer Base The Coming Regulatory and Political Onslaught Against the Tech Sector So as we go through the just-started FileMaker, Inc. Fiscal Year running up to the next version release and the 2019 DevCon, we should keep these elements in mind. Steven H. Blackwell, Platinum Member Emeritus, FileMaker Business Alliance

Hello, Peter. Are you calling the machine by its IP address or by its Fully Qualified Domain Name? The latter is required to get a ConnectionStatus of 3 aka the "green lock" symbol. Steven H. Blackwell

The face of computing and data access has changed enormously over the past decade. In an always-on, connect-from-anywhere, mobile-device-driven world, the network perimeter has disappeared. With that disappearance has come a variety of new security and business process challenges to the Confidentiality, Integrity, Availability, and Resilience of organization digital assets. Coupled with growing regulatory strictures, business reputation management requirements, and customer or client trust, modern day information management challenges have multiplied. Verification of authenticity of users who seek to access these assets is now the major information security challenge. Federated Identity Management is one of the most important concepts in modern Information Security Services. What is it, and how do developers and administrators implement it? What problems does it solve? How does it relate to the FileMaker Platform? A new White Paper discusses this and the related concept of Zero Trust Security, something very important to the future of the FileMaker Platform in my view. You can download the White Paper here: https://fmforums.com/files/file/105-federated-identity-management-zero-trust-and-the-filemaker-platform/ Steven H. Blackwell Platinum Member Emeritus, FileMaker Business Alliance

View File Federated Identity Management, Zero Trust, And The FileMaker Platform Federated Identity Management is one of the most important concepts in modern Information Security Services. What is it, and how do developers and administrators implement it? What problems does it solve? How does it relate to the FileMaker Platform? Submitter Steven H. Blackwell Submitted 07/09/2018 Category White Papers FM Version Not Applicable  

The new version of the FileMaker Platform contains a new feature called Account Lockout. This feature’s purpose is to help thwart brute force attacks against hosted files. Such attacks try a large number of passwords against an Account in an attempt to gain access to the file. Here are a few key points about this new feature: v It works for files hosted on FileMaker® Server 17 only. It does not work for files hosted on earlier versions of FileMaker Server or for stand-alone files. v It works against internal FileMaker Accounts only. Externally authenticated Accounts, including those using oAuth, have their own rules regarding failed attempts. v Any version of FileMaker Pro that can access the files on the Server can trigger this feature. It does not have to be a FileMaker® Pro 17 Advanced client. For a detailed description of this new feature, complete with illustrations, you can download the attached PDF. Steven H. Blackwell Platinum Member Emeritus, FileMaker Business Alliance WhatIsAccountLockout_v1R.pdf.zip

View File FileMaker® Server 17: Admin Console, Admin CLI, And Admin API Extensive discussion of new methods for administering FileMaker Server. Joint authored with Wim Decorte. Submitter Steven H. Blackwell Submitted 05/15/2018 Category White Papers  

View File FileMaker® Server 17: Server Monitoring Functionality Discussion of new processes for monitoring FileMaker Server. Jointly authored with Wim Decorte. Submitter Steven H. Blackwell Submitted 05/15/2018 Category White Papers  

View File FileMaker® Server 17 And SSL Certificates: Configuration And Use Information about new SSL processes and options. Jointly authored with Wim Decorte. Submitter Steven H. Blackwell Submitted 05/15/2018 Category White Papers  

The Women of FileMaker organization is sponsoring a Pause On Error FileMaker Conference May 7th-8th in New Orleans. More information at the website: https://www.pauseonerror.com/ Steven H. Blackwell

OK, there is some confusion here about how all this works. First, I would recommend that you use FileMaker Server to host your file, rather than try to access it peer-to-peer as you are trying to do here. The error message you are receiving is the result of processes designed to protect your file. if you want to employ peer-to-peer, open the FileMaker file on the machine where it physically resides. Then, from elsewhere on the network, launch FileMaker Pro and go to the hosts dialog. Your file should be visible there. Clicking on the link will launch the file on the guest machine. Port 5003 likely needs to be open on all machines. Steven H. Blackwell Platinum Member Emeritus, FileMaker Business Alliance

"Are you saying that OnOpenTriggers can be bypassed by someone whose privilege set is authorized to only execute scripts, who has no authorization to edit layouts, edit value lists, or edit (or view) scripts?" Yes, that is correct. It may vary, as you suggested, from situation to situation. This is one of the reasons we advise people not to employ such scripts for "security" purposes. As previously noted, as we have gone from version to successive version over the past 13 3/4 years, FIleMaker, Inc. has worked to close a number of the potential attack vectors, including external file manipulation and use of external API's. Remember also, please, that the script itself has nothing to do really with gaining access to the file. If someone obtains credentials for an Account, that person can access the file. In most instances accessing the file with trigger the OnOpen script. But we cannot 100% guarantee that in every instance that this will occur. In fact, we can state the opposite; in some instances it can be possible to by-pass the firing of the script. And circumstances will vary version by version. I realize this is not the answer you wanted to hear. However, it is the best information I can provide you about this topic. Steven H. Blackwell