IWP Security

[mauddib6]

I have been using FM for 3 years, but have never had a need to publish on the web till now. Are there security risks in IWP for the computer since you are making an IP address available on the web. We are behind a pretty secure firewall, but did not want to make any compromises. Can people "sneak" into other databases such as a related one? Thanks for your help.

[Steve T.]

Howdy, m! Security is always relative and the more things you do, the more at risk you become. I don't have it handy, but FM publishes a PDF on FileMaker and Web Security... in fact, I think it comes installed as standard documention with FileMaker Pro (in FM6, check the "Web Security" folder inside your FM folder).

From what I understand, IWP uses the same security your databases normally have, so if you do not require web users to log in, then they will have the same privileges as a user w/no password does. All of that is definable by you, though.

FileMaker's own security is not necessarily strong enough, though, depending upon what you are afraid someone will access. I would definitely not recommend you web publish a db w/ccn's or ssn's or anything like that. I think I read a thread by Bob Weaver that really put FM's security to the test and he and some of the others who seem knowledgeable in this area were able to get in to "protected" databases given a little time.

But, like I said... security's relative so you just have to measure the risk and make a judgement call (judgment always looked weird to me). Personally, I just don't web publish databases that have anything more confidential than addresses and phone numbers.

--ST

[mauddib6]

Thank you so much. I feel like one of those idiots to whom you say, "Why don't you just read the instructions." I was reading some books on FM for IWP, but did not even think about checking the FM documentation. Have a great day.