Jump to content
mbarrett65

WebDirect -- how secure?

Recommended Posts

I currently have a Filemaker 15 solution running on Filemaker Server 15 Advanced. We are currently accessing the solution on Webdirect via VPN connection. I would like to open ports 80/443 so that users could access the solution without connecting to VPN. However, my IT department has flagged security concerns. My question is how real the security concerns are. I know that Filemaker Server 15 Advanced should be encrypting the data. Would that make a non-VPN connection secure? Thanks for any advice.

Share this post


Link to post
Share on other sites

what were the security concerns that they raised?

 

There is a lot more to security than just using SSL to encrypt the data in transit.

Share this post


Link to post
Share on other sites

Thanks for your response. I think they felt the browser access via ports 80/443 would make the DB vulnerable to hacking. 

Share this post


Link to post
Share on other sites

Well you do shift the main outwards facing login from the VPN to WebDirect. I can imagine the IT department not liking to lose control. How safe your DB is then shifted to how safe you make your solution on FileMaker Server. Still if you secure it well, you should be fine. 

A couple of basic things to keep in mind:

1. Disable the FileMaker Server resources that you don't actively use: XML, ODBC and PHP api.

2. Use External Authentication to let the IT department be the administrator of the user accounts.

3. Be sure to remove all files without good account security ie. sample files or files with open guest access. Don't list open files without login.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×

Important Information

By using this site, you agree to our Terms of Use.