Control Admin Access on other Servers

["... you mean these fans?"]

Hi,

We have a customer who would like to host our solution on their FM Server vs the cloud server where we host the solution now.

If we allow our solution to be hosed on this other "Server", not a "Filemaker Hosting Provider" what security issues do we need to be aware of with regard to loosing control to our "Admin" log in credentials.

What are the capabilities of this other server owner if they want our "Admin" log in credentials and we refused to hand them over.

I see google hits on hacking filemaker log in credentials ( see link ) ... so any insight, guidance we would be grateful.

http://www.lostpassword.com/filemaker.htm

Thank you.

Tom

 

 

[Wim Decorte]

Not sure I follow... you don't have to provide "full access" login credentials to your solution for it to be hosted on FMS.  As long as the proper priv sets have the "fmapp" extended privilege turned on, the accounts for those priv sets will be able to access the file.

Your best protection is to use the FMPA advanced tools and remote the full access from the copy of the file before sending it to the client.  That also means that you yourself can not make any further schema changes to that file.  This protects against the FM pw crackers.

 

As to full admin rights to the admin console: there is nothing there that can give them access to your files.

[Claus Lavendt]

Without going into discussions about how you, from a business perspective, should/could handle this, the FileMaker platform gives you several options to secure your intellectual property in the solution.

You could enable EAR (Encryption At Rest). With that enabled, it should not be possibly for the tool mentioned to open up the solution. You can also remove admin access to the files. And then it also comes down to making an agreement with the customer about what they are allowed to do.