brainonastick Posted June 11, 2014

With FX.php we call various databases using standard code provided by Chris Hansen's documentation. The server_data.php file has a standard username and password combination for accessing the databases, and the related database security account gives full access to the databases.

I've been advised that we should have tighter security so that hackers cannot access our databases via the web. Now, we need to be able to write to the databases in the case of FMNew and FMEdit database calls, so we can't have read-only security across the board. But for FMFind database calls, read-only security might be OK.

So how do we set up the security for different kinds of database calls? The server_data.php file only mentions one username/password combination. If we had different accounts for FMNew/FMEdit/FMDelete and FMFind, how do we set this up in server_data.php - do we need 2 server_data.php files perhaps?

webko Posted June 12, 2014

Well, unless they have access to the actual server, they can never see what is in server_data.php.

And if they are on your web server with that level of access, I'd suggest you have bigger things to worry about...

Anyway, you can on any page, or for any call, use a different server_data file, maybe server_data_readonly and server_data_readwrite - just call it immediately before the relevant find/edit etc.

But that doesn't make it any more secure - see above...

Cheers

Webko
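
The per-call credentials file idea from the post above, as an added example that is not part of any post in this thread and not FX.php's own code. The loader function, the temp directory and the account values are constructed for illustration, and the variable names are assumed to match those in your server_data.php; the actual read-only restriction comes from the privilege set of the FileMaker account each file names.

```php
<?php
// Map each FX.php call type to the credentials file it is allowed to use.
// File names follow the suggestion in the post; everything else is hypothetical.
const CRED_FILES = [
    'FMFind'   => 'server_data_readonly.php',
    'FMNew'    => 'server_data_readwrite.php',
    'FMEdit'   => 'server_data_readwrite.php',
    'FMDelete' => 'server_data_readwrite.php',
];

function load_server_data(string $action, string $dir): array
{
    // Unknown call types get no credentials at all instead of a default account.
    if (!array_key_exists($action, CRED_FILES)) {
        throw new InvalidArgumentException("No account mapped for $action");
    }
    $path = $dir . '/' . CRED_FILES[$action];
    if (!is_readable($path)) {
        throw new RuntimeException("Missing credentials file for $action");
    }
    // Including inside the function keeps the variables out of global scope,
    // so a read-write password loaded earlier cannot leak into a find call.
    include $path;
    if (!isset($serverIP, $webCompanionPort, $dataSourceType, $webUN, $webPW)) {
        throw new RuntimeException("Incomplete credentials file for $action");
    }
    return compact('serverIP', 'webCompanionPort', 'dataSourceType', 'webUN', 'webPW');
}

// Constructed demo files so the example runs without a FileMaker server.
$dir = sys_get_temp_dir() . '/fx_cred_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
foreach (['readonly' => 'web_ro', 'readwrite' => 'web_rw'] as $kind => $user) {
    file_put_contents("$dir/server_data_$kind.php", sprintf(
        "<?php\n\$serverIP = '127.0.0.1';\n\$webCompanionPort = 80;\n" .
        "\$dataSourceType = 'FMPro7';\n\$webUN = '%s';\n\$webPW = 'placeholder';\n",
        $user
    ));
}

foreach (['FMFind', 'FMEdit'] as $action) {
    $cfg = load_server_data($action, $dir);
    echo "$action uses account {$cfg['webUN']}\n";
    // With FX.php loaded, $cfg would feed the usual calls:
    //   $q = new FX($cfg['serverIP'], $cfg['webCompanionPort'], $cfg['dataSourceType']);
    //   $q->SetDBUserPass($cfg['webUN'], $cfg['webPW']);
}
```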

webko Posted June 12, 2014

As an example - there's a password file at http://apachescricket.com/include/db_conn.php

If anyone can tell me the user or the password to the database it accesses... Then it's insecure.

Note: It's a dummy file, so the info in it is bogus anyway, but it proves a point.

Cheers

Webko

brainonastick (Author) Posted June 12, 2014

Thanks webko - we've been told that with our current setup someone could duplicate a web page and somehow access our databases, but I'm not sure how. If I've understood you correctly, you are saying that they could only do this if they knew the username and password quoted in the server_data.php file.