Security question regarding migrating from Lasso v8 to WebDirect (v14)

[Rich S]

Greets, all. Out of the gate, I want to admit complete ignorance as I'm more of a client-side programmer, so please forgive me for that when it comes to this issue...and if I'm posting in the incorrect form.

The previous tech in my current position set up FileMaker Pro (Mac, Server v13) in a DMZ, with Lasso v8.x so our faculty, staff, and students can fill-in online forms in our databases. That tech has retired and now I'm faced with programming and maintaining this set-up.

I told my (new) supervisor that we should cast away Lasso due to the Mack Truck Possibility* and to have our IT department host users in Windows' Active Directory to simplify things since that's what everybody else on the network uses. (We currently have a OS X server that's failing so it makes sense for IT to host us the same way they host other departments.) At first, I thought maybe migrating to PHP would be a first step to get away from Lasso, but then it occurred to me: why not skip learning a whole new language altogether and just go with WebDirect? However, when my supervisor chatted with the ex-tech, he explained to him that WebDirect is completely unsecure and that it would be easy for users and non-users alike to go in and access data they shouldn't.

With my limited smarts, that doesn't sound right so that's why I'm posting here. I know FMP has some security in it so I can limit who has access to what once they're inside FileMaker Pro Server, but it's that "front end" I'm mystified with; I'm sure there's a secure way to use WebDirect without having to implement PHP. Yes? No? Any input would be greatly appreciated.

 

*...or, MTP: If a key person were to be run down by a Mack truck, the organization's infrastructure would grind to a screeching halt because all the knowledge and expertise related to that person's position/function has died with him/her...or in the less violent version, that person simply left and moved on.

Edited June 15, 2015 by WF7A

[Kris M]

"WD completely unsecure" = not true.

WebDirect implements the security system in FileMaker.

Active Directly + FileMaker = nicley integrated security implementation.

Google FileMaker 14 security guide.

I've got no Lasso experience but would say changeover from Lasso to WD might be a big bite for an Intermediate level developer however, alot depends on your scale.

Edited June 15, 2015 by Kris M

[Steven H. Blackwell]

However, when my supervisor chatted with the ex-tech, he explained to him that WebDirect is completely unsecure and that it would be easy for users and non-users alike to go in and access data they shouldn't.

 The tech is completely incorrect about this.

First, set up the Privilege Sets for the various categories of users and assign appropriate Privileges to each.

Second, set up Groups inside the files (in lieu of Accounts) and assign a Privilege Set to each.

Third, duplicate these groups in Active Directory exactly named as they are in the files.

Fourth, assign Accounts to Groups in Active Directory.

 

Users will be able to authenticate with these Accounts.  However, they will not be able to do Single Sign-On for WebDirect.  They must enter the credentials.

 

Any questions, come back and ask.

 

Steven