Securing files in a corporation environment

[New_2_FM]

I was using FileMaker server 3.0.. My FileMaker files are open to all users in my corporation (Windows Active Directory environment). Any domain user can modify or even delete my files if they know file path to my files. I just don't feel comfortable about this, even though I know they won't do such things. Now we are migrating to FileMaker Server 7.0... Is there any documentation somewhere that I can review to secure files in the Windows environment?

Thank you.

Jackson

[Tony O]

New2,

You should check out the link below;

Filemaker Best Practices

Basically, never ever put your Server files on a networked volume, and strive to keep to the "one server, one service" philosophy.

enjoy the read, it's not long but it's extremely helpful!

Tony

[BrentHedden]

One way I tell my clients to deal with this sort of thing to to make sure they setup the directory (the one that all the FM files are in) to be shared, but only a certain group (like Administrators), or one person has access to it. This can be done fairly easily through the permissions setting in Windows.

Or, better yet, make sure that directory isn't shared at all (improves performance) and whoever wants to access/modify these files directly has to physically be at the server machine that's running FMServer.

V7 has some vast improvements in how it handles security. Usernames and passwords are extrememly easy to set up, and modifying permissions for each user is much better and easier.

I know the FileMaker website has a few whitepapers on such a topic. I've also seen a few different discussions on this forum concerning such.

Also, there is a new book out by Steven Blackwell. He's considered to be the 'top expert' when it comes to FM security. I've attended a few of his presentations at past developers conferences, and he really knows what he's talking about. Check out this website - http://www.filemakersecurity.com to purchase the book.

[New_2_FM]

let me check them out.

Thank you all.

Jackson

[Ted S]

New 2 FM,

I was in your shoes a year ago. We went from 3.0 to 7.0 and the difference is night-and-day. In the past it was difficult to honestly stand behind any security scheme in FileMaker. Now I'm using external authentication (AD) for all users so we have a much much more secure database yet nobody has to even provide a password to login. Simply fabulous!

As far as file sharing, like the other said; don't do it. The folder that contains our database files on our host server is a hidden share that is only accessable by domain administrators. Since regular users can't get directly to the files this method of restricted sharing has never caused a problem for us.

In the past, when I needed to work on a file I would shut it down at the server and then connect to the hidden share from my local machine. When finished I would un-map the drive and fire up hosting again. This has worked well for many years.

In case you don't know it, with v7 you can add fields, change layout order, etc. while users are connected so the need to take the system down doesn't happen as frequently as it did in the past.