FileMaker Web Security...a better solution?

[ibiubu]

I was just curious about one aspect of FileMaker security online.

The Scenario:

A database is being shared via web companion and instant web publishing. No specific access privledges have been set in FileMaker...allowing easy web access to the html encoded web pages linking to the database via the web (no desire for users to have to enter a username and password to access the database).

The database is also being administrated over the local office nework by 4 or 5 other employees via FileMaker. To do so FileMaker prefs have been set to allow this. TCP (not AppleTalk) protocol is being used in this case.

With this scenario, and without any added security measures being applied, I found it quite easy to access the database remotely over the internet. It was easy enough to determine a IP address of the machine serving up the database by taking a close look at the web pages being served up by web companion. From a remote location I was then able to use FileMaker over the internet, enter the IP address, and up came the FileMaker database in all its glory, complete access and all.

Now of course this type of thing is UNACCEPTABLE. Here was my solution.

1) I installed Norton Personal Firewall on the MAC that is running my database and web companion. I set it to just allow incoming access via web browsing. For everything else I blocked all access EXCEPT for the IP addresses of the machines on the office local network and my computer at home over the internet, allowing access to the database for those machines.

2) I guess I could have also set my DSL router to block any access to port 5003 (the port FileMaker uses), but this would have also blocked any access I might want to have to the database over the internet from home.

My solution was fairly easy. I just wanted to know what other type of options might be available for this type of scenario?

[Vaughan]

Errr, the Web Security databases?

[scratchmalogicalwax]

the web security databases will only work when accessing the database thru WC

If you have an FMServer on the internet as I do you have to close port 5003 somehow as you have done. Otherwise any john doe can fireup FMPro client specify your FMServer IP address in hosts and get some form of access to your database depending on password access etc.

I have closed the port on my router because there is no need for remote access but firewall protection is better as you can specify IP's to allow

The easiest way round this problem for those who do not share their web databases between FMPro Clients is to make the files single user.

[ April 04, 2002, 05:17 AM: Message edited by: scratchmalogicalwax ]

[Anatoli]

You don't have to give up IP access. Just set firewall open for all IP, which will access FM remotely.