Security

[fed]

I just got FilemakerGo, and think this is a great step forward. I had tried to use FMtouch, but it was so hard to work with, that I gave up on it.

I am a physician, and use Filemaker for my Medical records and prescription writing. My main concern (other than the missing printing feature, which I assume will be coming if we pester them enough) is security. FMtouch had database encryption. Filemaker support just informed me that FilemakeGo does not. In fact, none of the Filemaker Pro databases can have encryption.

My question is this: How secure is the data on FilemakerGo, and Filmaker Pro in general?

[Vaughan]

FM Go is a version of the FMP client. The FMP file is encrypted so the data cannot be viewed in a text editor. I do not know the strength of the encryption.

With files hosted in FMS the data can also be encrypted between the server and the client with SSL.

As with all things, if the data is confidential or valuable, don't share it and don't copy it.

As for printing, it's a platform limitation. Steve Jobs has already said it's coming.

[fed]

This is what I got from FMP support:

"Answer is FileMaker Server 11 has SSL and data encryption I apologize if I did not make that clear, since you do not share you data over the web then SSL is not what you will use, but you can still use the data encryption feature within the FileMaker Server 11/FileMaker Server 11 Advanced. By adding using data encryption within the FileMaker Server 11/FileMaker Server 11 Advanced product this is adding extra security to your already set passwords on your database."

This seems to be saying that normal FMP files are not encrypted, and hence at risk for data extraction by hackers. Am I right or wrong?

Thanks for your help,

Fed

[Matthew F]

You might want to take a look at this white paper: Whitepaper fm7 security.

In regards to the .fm7 file format (p.8):

"The database file is not encrypted, but the data is obscured via a proprietary Unicode compression algorithm. This will help prevent casual attackers from extracting data from copies of the application files using a text-editor. "

[boley]

(sorry mfero, I meant to be replying to the orginal post)

If you are concerned about the fp7 file not being encrypted, I believe you could serve it from an encrypted folder that is managed by the OS or a product like truecrypt.

I have fms make backups to a truecrypt volume, on a portable drive that is also backed up in the cloud. The idea being, the data should be encrypted anytime it leaves the security of the data center. As others have said using the SSL feature of the server protects the data during transit to the FM client.

I don't worry so much about the operating file since the server is in a locked cabinet in a secure server room.

Edited August 27, 2010 by Guest

[Vaughan]

No, FMP files are not encrypted. Then again, which other database files are encrypted?

FMP files are compressed so they cannot be read by a text editor.

The SSL that you refer to is encryption of the data transferred over the network between FMS and the client computer.

The physical access to the database file is key to the overall security: this is with any database, not just FMP. Once hosted in FMP with SSL enabled the data is secure (or as secure as it can be).

[Steven H. Blackwell]

The real issues here are the security vulnerabilities of the iPad or iPhone themselves and to some extent of the hibernation properties of FM GO. The data coming into the mobile device, if they start at FileMaker Server, can be encrypted in transit. They are not encrypted while at rest.

At the present time I am not recommending use of iPad for HIPAA compliant activities.

Steven

[Jenny Hallward]

i think it wont work with my i touch @@