So how do I prevent someone from using their own copy of Filemaker Pro, creating a database, identifying my hosted but hidden database as an external data source and then browsing any records in the file?

Passwords.

Additional security can be offered by a VPN, but it all boils down to restricting access through passwords and well-considered access privileges.

I setup passwords and security but I am not sure I understand if can be improved. If someone knows the hosted database name and they have a password to access that database, is there anyway to prevent them from creating a new database, referencing the hosted/remote database as an external data source, creating layouts and viewing every table/record in the database?

... I hate to ask this, but why give the person a user name and password in the first place?

Without usernames and passwords how would you control security on databases?

Record Level Access can help with this. But it is not a 100 percent solution.

Steven

I was hopnig there was an extended privledge setting somewhere.

In regards to the Record Access, I understand I can setup limited access based on a function call but the application in question uses the sepration model and I would like to record restrict access to the "Data" database to calls from the "Screens/Scripting" database. Any suggestions?