Securing your data
 
Note: The following information is for server administrators.
A Secure Sockets Layer (SSL) certificate, or root certificate, is a data file provided by a certificate authority (CA) that digitally identifies the sender, receiver, or both parties of a secure transaction. SSL certificates are installed on machines running FileMaker applications to provide secure connections between FileMaker Server and FileMaker clients.
FileMaker Server provides a standard SSL certificate signed by FileMaker, Inc. that does not verify the server name. The FileMaker default certificate is intended only for test purposes. A custom SSL certificate is required for production use.
To secure your data, you can take advantage of several FileMaker Server features:
To verify your server name to clients and prevent web browsers from displaying certificate warnings, request a signed SSL certificate that matches your server name. You request a certificate from a trusted CA supported by FileMaker, Inc. See FileMaker Server Installation and Configuration Guide. See also Creating a certificate signing request.
After you have received a custom SSL certificate, to enable SSL connections between the Database Server and FileMaker Pro and FileMaker Go clients, and between the Database Server and the Web Publishing Engine, click the Database Server > Security tab and select Use SSL for database connections. Then import the custom SSL certificate. See Importing a custom SSL certificate. When this option is not enabled, the interactive content is downloaded over an unencrypted HTTP connection.
Decide whether to use the setting Use HSTS for web clients. When this setting is selected, web clients are restricted to HTTPS connections and cannot downgrade to HTTP connections. Once the web client has completed an HTTPS connection, the web browser prevents the client from using an HTTP connection.
During installation, the web server used by FileMaker Server to publish databases to web-based clients is configured with SSL connections enabled.
You can enable and disable specific extended privileges, such as PHP, XML, FileMaker WebDirect, and FileMaker Data API for the Web Publishing Engine. For example, if you know that all files on one server will be shared with Custom Web Publishing with PHP, you can disable all other types of web publishing. Even if a file includes extended privileges that allow access to XML data, access to XML data is not available while the file is hosted with that FileMaker Server deployment.
To enable or disable any web publishing technology for all files on FileMaker Server, click Web Publishing, then click the PHP, XML, FileMaker WebDirect, or FileMaker Data API tab. On each of these tabs, you can enable or disable web publishing for all hosted databases even if they have the corresponding extended privilege enabled. See PHP web publishing settings, XML web publishing settings, FileMaker WebDirect settings, and FileMaker Data API settings.
You can enable FileMaker Server to authenticate users via an external authentication server such as Apple Open Directory or Windows Active Directory. See External authentication for database access.
If your organization uses an LDAP directory service, you can enable Use Secure Sockets Layer (SSL) in the Database Server > Directory Service tab to encrypt the user names and passwords that FileMaker Server and FileMaker Pro clients use to log in to the LDAP server. See FileMaker clients settings and About user details.
Enable FileMaker Server log files to monitor accesses to databases. See Viewing log file entries.
Notes
See “Creating accounts that authenticate via an external server” in FileMaker Pro Help and www.filemaker.com/support for more information.
In FileMaker Pro Advanced, you can use the Database Encryption feature to encrypt the contents of a database file. FileMaker Server supports hosting encrypted databases. With FileMaker Server, the server administrator or group administrator enters the encryption password when the file is opened for hosting. See Opening hosted files.
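The effect of the Use HSTS for web clients setting can be checked from the response headers a web client receives. The following Python code is an added example, not FileMaker code: it applies the RFC 6797 rules for the Strict-Transport-Security header, and its function names and sample header values are constructed for illustration (the page does not state which max-age value FileMaker Server sends).

```python
import re

# RFC 6797 section 6.1: directives are ';'-separated, names are
# case-insensitive, and a value is either a token or a quoted-string.
_DIRECTIVE = re.compile(
    r"^([!#$%&'*+.^_`|~0-9A-Za-z-]+)(?:\s*=\s*(\x22?)([^\x22]*)\2)?$")


def parse_hsts(value):
    """Return {'max_age': int, 'include_subdomains': bool}, or None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                       # empty directives are permitted
            continue
        m = _DIRECTIVE.match(part)
        if not m:
            return None
        name = m.group(1).lower()
        if name in seen:                   # a repeated directive voids the header
            return None
        seen[name] = m.group(3)
    max_age = seen.get("max-age")          # max-age is the one required directive
    if not max_age or not (max_age.isascii() and max_age.isdigit()):
        return None
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}


def hsts_status(scheme, headers):
    """headers: list of (name, value) tuples as received. Returns a verdict."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return "missing"
    if scheme != "https":                  # browsers ignore HSTS sent over HTTP
        return "ignored-over-http"
    policy = parse_hsts(values[0])         # only the first header field counts
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:             # max-age=0 makes the browser forget the host
        return "disabled"
    return "enforced"


if __name__ == "__main__":
    # Constructed sample response headers, not captured from a real server.
    sample = [("Content-Type", "text/html"),
              ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]
    print(hsts_status("https", sample))
```

Only an "enforced" verdict on an HTTPS response means the browser will refuse later HTTP connections to the host; the other verdicts leave a downgrade to HTTP possible.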