Securing data on the Web

Citation preview

---

Securing data on the Web You should consider security for your FileMaker® Pro databases whenever they can be accessed over any type of network, whether peer-to-peer or for access from a web browser. Design your databases with your security needs in mind. You might need to maintain public and private data in separate files with separate levels of access. For example, if you have a database that contains all of your customer data, including credit card and shipping information, this data is most secure if it is never shared over the Web. However, this can be impractical. If you want to shield your customers’ credit card information while making their shipping addresses available for verification, one method is to create a separate database containing all of your customer ID numbers. Create a relationship from this database to your master database, and display only the related fields that you want to expose to your customers. This secondary database can then be shared over the Web, while your master database can remain offline. Note FileMaker Pro doesn’t provide password encryption. To provide security for your database passwords over the Web, consider installing Secure Socket Layer (SSL) protection, which is available from third-party vendors and supported by the FileMaker Pro Unlimited software’s Web Server Connector.

Protecting published databases When you publish a database, you can limit who can access your database and the tasks that users can perform:

1 If you specify FileMaker Pro access privileges for your database, those same access privileges are in effect when you publish your database on the Web. When web users open the database in their browser, they enter the same password they use to open the file in FileMaker Pro. 1 1 1

You can allow or prevent remote administration.

1

You can select web styles that only allow users to search your database or enter new records.

You can specify the IP addresses that can request data from the Web Companion.

You can specify a layout to limit the fields that web users can access. (Web users can access all records in the open database.)

Access privileges vs. the Web Security Database You can protect FileMaker Pro data published on the Web using either FileMaker Pro access privileges or the FileMaker Pro Web Security Database. Access privileges are the best choice for most database security needs, and the only security choice for sharing databases over a local area network. If you’re sharing data on an intranet or the Internet, you can use either access privileges or the Web Security Database.

1 If you’re doing Instant Web Publishing, use access privileges. 1 If you’re doing Custom Web Publishing, you can use either access privileges or the Web Security Database.

2 Securing data on the Web

Important In FileMaker Pro 5.5, you can now use access privileges to limit access to records on a record-by-record basis. You no longer need to use the Web Security Database for record-by-record security. See “Protecting specific records using access privileges” on page 3 for more information on limiting access on a record-by-record basis. Use the Web Security Database or access privileges for databases accessed via a web browser

Use FileM aker Pro access privileges for peer-to-peer netw orking

FileM aker Pro 5

FileM aker Pro 5

Web brow ser Invoices.fp5

Customers.fp5

Here is a comparison of access privileges and the Web Security Database: Feature

Supported by FileM aker Pro Supported by FileM aker Pro access privileges Web Security Database

Password protection

Yes

Yes

User ID/User name verification

No.

Yes

Disallow searching using a specific field

No

Yes

Administer security privileges remotely

No

Yes

Security for a field across an entire database Yes

Yes

Security for a particular record

Yes

Yes

Security for a field by password

Yes

Yes

Scripting

Yes – Scripting capabilities reflect the privileges associated with a particular password, i.e., if a password permits creating new records, then scripted creation of new records is allowed.

Yes – Scripting capabilities are Boolean, i.e., you can either enable or prevent a user from performing all scripts.

Control browsing of records

Yes

Yes

Control updating of records

Yes

Yes

Control deleting of records

Yes

Yes

Field-level security determines how data in a particular field is secured. For example, you can limit all access to a field that stores credit card numbers, or return as search results only those records that exactly match your search criteria.

Securing data on the Web

3

In the Web Security Database, security for a particular field is administered via the DontShow, DontSearch, and ReadOnly checkboxes. In access privileges, your field-level security choices are Accessible, Not Accessible, and Read Only. In the Web Security Database, you can secure a particular record with ExactSearch, ExactUpdate, and ExactDelete. For example, you can use ExactSearch to allow an individual access to his or her own account information, but prevent that individual from seeing the records of others. In FileMaker Pro 5.5 access privileges, you can define passwords to secure the browsing, editing, deleting, and creating of specific records. For Custom Web Publishing, the Web Security Database can be used with CDML, XML, and the JDBC driver available with the FileMaker Developer software. Important The layout-level security available via access privileges, where an entire layout may be secured as Accessible, Not Accessible, or Read Only, is not recognized by the Web Companion. See the FileMaker Pro documentation for information on Instant Web Publishing. See the FileMaker Developer software and FileMaker Pro Unlimited software documentation for information on Custom Web Publishing. For more information on the Web Security Database, see “Custom Web Publishing using the Web Security Database” on page 7.

Protecting specific records using access privileges With the new record-by-record security in FileMaker Pro 5.5, you use calculation formulae to specify whether users can browse, edit, or delete specific records, based on password privileges. This record-by-record security is available for databases published on the Web, as well. You can also completely turn off browse access. If you remove browse access, users will still be able to perform certain layout and script definition activities, provided those privileges have been assigned to the password. Any scripted commands performed through Instant Web Publishing are subject to the same limitations as scripted commands performed on the desktop. To limit the Browse records, Edit records, or Delete records privilege: 1. Define a password (choose File menu > Access Privileges > Passwords). 2. For Privileges, select Brow se records, Edit records, or Delete records, or a combination of those

privileges, then choose Limited from the list next to the privilege. 3. In the Specify Calculation dialog box, define a Boolean calculation. For each record in the

database, access is granted when the calculation evaluates to True or to a non-zero result, and access is denied when the calculation evaluates to False or 0. For example, to limit users' access to only those records they have created: 1. Define a text field named Record_created_by.

4 Securing data on the Web

2. Set the auto-entry options for that field to auto-enter the name of the record's creator (choose File

menu > Define Fields, select the Record_created_by field, then select Options > Auto-Enter > the Creator Name). 3. Define a password with the Brow se records access privilege limited to records that match the

calculation: Record_created_by = Status(CurrentUserName) The user will only have Browse access to records for which the above calculation evaluates as True.

Additional details about limiting access on a record-by-record basis These additional notes are intended to help database designers integrate limited access privilege passwords into more complex database solutions.

Limited access and related data Important Because access privileges in the source and destination files are evaluated before any data is updated using Lookup or Relookup, consider the implications of limiting Browse and Edit record access when using lookups.

1 Related fields in a record will be visible to users if they have Browse access to the key field in both the current file and the related file. As with FileMaker Pro 5, Relookup and Lookup do not generate errors if related record can't be edited. Only the data in records that the user has appropriate access to are updated. The privileges in both the source and destination databases are considered before any data is replaced.

1

If the calculation you are using to limit access uses data from a related database, you must have access to the related database. In the case of self-related data, read access is temporarily given to the data to allow the formula to evaluate correctly.

1

1 When a Find is performed on a relational join, the found set is filtered to eliminate records for which the user does not have browse privileges. Filtering is not performed on a Show All Records command or when omitting records, although data in any records for which the user's access is restricted will not be visible to the user. 1 If browse access has been limited, the contents of value lists based on fields and relationships are filtered so that users do not gain access to confidential information. This filtering is also performed on the design function ValueListItems(). Limited access and record deletion

1 If the limits on Brow se records and Delete records are different, or if there are no limits placed on the privilege to delete records, it may be possible for a user to delete a record for which he or she does not have browse access. The database designer must impose limits on Delete records to prevent the deletion of records. A warning is displayed when a database designer creates or modifies a password so that it has limits on browse but no limits on delete.

Securing data on the Web

5

1 Delete All Records and Delete Found Records in the Records menu are enabled unless Delete Records has been deselected for the current password in the Define Passwords dialog box. If one of these commands is issued but because of limited access to the Delete Records privilege some of the records cannot be deleted, an alert is generated, indicating the number of records that could not be deleted.

Limited access and brow se and editing privileges

1 Users with edit privileges can only edit records for which they also have browse privileges. This is because there is no way for users to edit records that they cannot browse.

1 A user with limited access privileges may change the contents of a record and, perhaps inadvertently, deny themselves access to that record. Changes take effect as soon as a user exits a record, and a user making changes of this type will not be able to return to a record to which they previously had access. For example, a user may initially be able to edit a record, but if the user makes a change to a record's content that changes the result of the edit limiting calculation so that it evaluates to false, that user will no longer be able to edit that record once he or she exits that record. 1 It is possible for a user to duplicate records that they cannot browse, unless you design the password to prevent duplication. In this situation, the restricted data is not duplicated, however, other operations, such as auto-entered data, can potentially occur. 1 Because record-level access doesn't affect data stored at the file level in unstored calculation fields, summary fields, and global fields, this data is still displayed, even if the browse privilege is limited. The results of any summary fields, however, exclude data that is restricted because of browse limits. Limited access and Finds

1 Records are filtered when a Find is performed on a database that was opened with a password that limits browse access. The found set is filtered so that it contains only records that meet the browse requirements and that match the Find criteria used. The result of Status(CurrentFoundCount) will reflect the fact that records have been filtered from the found set. This filtering is also performed on the design function ValueListItems(). Other notes about limited access

1 Users who do not have browse access to a record will still see the record, but the field content within the record will be replaced with the words . 1 Users cannot use the View Index dialog box when the file is opened with a password that limits browse privileges. 1 If a Replace, Relookup, or Spell Check is performed and some of the records do not have browse access, then those records are ignored. 1 Two status functions, Status (CurrentRecordAccess) and Status (CurrentLayoutAccess), have been added to help you determine access to particular records and layouts.

6 Securing data on the Web

Security tips Keep these security issues in mind when publishing databases:

1 A dedicated machine is the best platform to use for hosting FileMaker Pro databases on the Web. 1 Enable the Web Companion plug-in only if you want to give your users the ability to access a database over the Web.

1 1

Allow users access to only the data they need to see or work with.

Users who open a database with the Export records access privilege, including FileMaker Pro guests, can publish the database (by enabling FileMaker Pro Web Companion on their computers). Use caution when granting access privileges to guests.

1 Due to the way web servers work, all files in the Web folder can be deleted by knowledgeable web users. Don't put sensitive documents or databases inside the Web folder. (The Web folder is located in the FileMaker Pro 5 folder.) 1 To prevent a published database from displaying on the built-in Instant Web Publishing page, rename the database to include an underscore character at the end of the filename, before any filename extension (for example, Orders_ or Orders_.fp5). If you change the filename, you may need to change references to the file in relationships and scripts. If you specify a layout for web publishing, web users can only access the fields on the specified layout. However, knowledgeable users can use features available with FileMaker Developer software to change the layouts that they access.

1

Do not rely on hiding a field on a layout or in a format file as a means of security, as a field that is not displayed is not necessarily secure.

1

1 If you publish a layout with related fields, they appear when a web user opens the master file. The related file opens with the privileges associated with the master file’s password. 1 If you have an open database on a host computer, but you don’t want to publish it, be sure Web Companion Sharing is not enabled for that database. Enable Instant Web Publishing only if you’re using the Instant Web Publishing feature. It is not necessary to enable Instant Web Publishing in order to use Custom Web Publishing.

1

1 It is not necessary to enable FileMaker Pro Multi-User sharing or OS-level file sharing to share FileMaker Pro databases over the Web. It is not necessary to specify TCP/IP as the Network Protocol in FileMaker Pro application preferences. Enable these technologies only if you need them for other types of network access. 1 Enable Access Logging (in Web Companion Configuration), as this log provides a means to audit activity. 1 Do not enable Web Companion sharing for the Web Security Database unless you plan on using the remote administration feature. 1 Do not enable remote administration unless necessary. When enabled, remote administration applies to all databases hosted from a particular machine, and may not be configured to work only with specific databases.

Securing data on the Web

7

1 When you display static web pages (HTML files, images, or pictures that do not change) in a browser, you cannot use access privileges or the Web Security Database for security, though the pages are protected by client IP address filtering. The following CDML tags, new in FileMaker Pro 5, have been disabled: -fmtfield, -mailfmtfield, -errorfmtfield.

1

1 Avoid leading and trailing spaces in passwords you set up under FileMaker Pro access privileges for web sharing. Such spaces are not compatible with how browsers parse passwords. Netscape Navigator and Internet Explorer password-entry routines strip leading and trailing spaces from passwords submitted over the Web. Also avoid using leading and trailing spaces in the remote administration password.

1 A web client using a shared default create-only password under FileMaker Pro access privileges may have edit privileges for other clients' records created during a current session. If you design databases such as guestbooks or posting boards for multiple users, you should not assign the same default create-only password for multiple users. 1 When creating web pages that submit requests for data, always use the POST method to send these statements to the server. Do not use the GET method, as it is more visible. The -dbnames command returns the names of shared databases without requesting a user ID or password.

1

1 Whenever possible, use secure socket layer (SSL) protection on your web server machine, as this provides the highest degree of security. This is especially important when protecting sensitive data, as SSL is one of the best defenses against the password “sniffer” applications often used by hackers. SSL protection is available from third-party vendors. Important Do not store databases in the FileMaker Pro Web folder, as any databases in this folder are visible over the Web. Exceptions to this rule are if you need to use remote administration features for them, such as the -dbopen or -dbclose CGI commands. Such features are only available to databases stored in the FileMaker Pro Web folder or below. All databases stored in the FileMaker Pro Web folder should be password-protected. When you use -dbopen to serve databases over the Internet, in order to secure both the remote administration password and the database password, you must use the Web Server Connector (available in the FileMaker Pro Unlimited software) and SSL protection. Passwords are not encrypted, and so are not secure.

Custom Web Publishing using the Web Security Database The FileMaker Pro Web Security Database is a set of three related databases working together to protect your databases published on an intranet or the Internet. Designed to work with your custom web pages, the Web Security Database lets you provide user name and password protection to multiple FileMaker Pro databases.You can optionally set specific user permissions and field restrictions for each database, and update or change those settings directly from your web browser.

8 Securing data on the Web

With a Web Security user name and an optional password, web users can do one or more of the following in your published database(s):

1 Browse records 1 Create records 1 Edit records 1 Delete records 1 Perform scripts 1 View all except certain restricted fields 1 Search all except certain restricted fields 1 Edit all except certain restricted fields 1 Enter a special value in a restricted field and view, edit, delete only those records that contain the exact matching value

1

Modify or delete records containing exact matching values in the restricted field

Important The Web Security Database is not designed to work with FileMaker Pro Instant Web Publishing. The ExactSearch, ExactUpdate, and ExactDelete field restrictions do not function properly in Instant Web Publishing. For information about creating custom web pages using the FileMaker Pro Unlimited or FileMaker Developer products, go to the FileMaker, Inc. web site at www.filemaker.com. In FileMaker Pro, choose Help menu > FileM aker on the Web.

How the Web Security Database w orks The Web Security Database includes two types of files: databases for providing web security and HTML pages for changing the web security settings remotely. Web security is controlled by a main database called Web Security.fp5 and two related databases called Web Users_.fp5 and Web Fields_.fp5. When users attempt to access your protected database on the Web, the web browser displays a user name and password dialog box.

Securing data on the Web

9

Once a user name and password are established, they are sent by the web browser with every request to the web server. The FileMaker Pro Web Companion checks these values against the settings configured in the Web Security Database, and then determines if any user permissions or field restrictions exist for a specific action.

Installing the Web Security Database When you install FileMaker Pro, the Web Security Database files are automatically installed in a Databases folder in a folder named “Web Security” located inside the FileMaker Pro application folder. If the folder isn’t there, then you’ll need to do a custom install. See the FileMaker Pro Getting Started Guide for information on installing FileMaker Pro Web Support, which includes the Web Security Database. Note Do not install the Web Security Database to the Web folder.

Enabling the Web Security Database The Web Security Database must be open before you can enable it in FileMaker Pro. 1. In FileMaker Pro, choose File menu > Open and open the Web Security.fp5 file.

FileM aker Pro/Web Security/Databases/Web Security.fp5

The related files, Web Users_.fp5 and Web Fields_.fp5, also appear in separate (usually minimized) windows (Windows) or in the Window menu (Mac OS).

2. Choose Edit menu > Preferences > Application. 3. In the Application Preferences dialog box, click the Plug-Ins tab (or choose Plug-Ins from the

pop-up menu).

1 0 Securing data on the Web

4. Select the Web Companion checkbox to enable the Web Companion plug-in.

Note If Web Companion doesn’t appear in the Application Preferences dialog box, you must install the Web Companion plug-in (see the FileMaker Pro Getting Started Guide). You only need to enable the Web Companion plug-in once for the FileMaker Pro application. To do so, you must have a connection to the Internet or an intranet. (For information, see chapter 14, “Publishing databases on the Web” in the FileMaker Pro User’s Guide.) 5. With Web Companion selected, click Configure. 6. In the Web Companion Configuration dialog box, make sure that Enable Instant Web Publishing is not selected (the Web Security Database is not designed to work with FileMaker Pro Instant Web Publishing). 7. Select Web Security Database to enable it.

Note The Web Security Database option is not available (dimmed) when the Web Security.fp5 database is not open.

8. For Remote Administration,select Disabled if you do not plan to do remote administration.

Securing data on the Web

11

9. For Remote Administration, select Requires passw ord and enter a password in the box if you want to access the Web Security Database settings later from the Web. Requiring a password for remote administration ensures that unauthorized web users cannot gain access to the Web Security Database and other files located in the Web folder. It is not recommended that you do remote administration without a password. See “Changing Web Security settings remotely from the Web” on page 14. 10. Click OK to close the Web Companion Configuration dialog box. 11. Click OK to close the Application Preferences dialog box. 12. Choose File menu > Sharing and make sure that the database is shared via the Web Companion.

Assigning Web Security to your databases To protect one or more databases with the Web Security Database, you create a record for each database. In each record, you set up user names, passwords (optional) and permissions for each user, and field restrictions for each database. 1. In the Web Security.fp5 database, create a record for each database you want to protect by choosing Records menu > New Record. 2. In the Database Name field of each new record, type the name of the database you want to protect.

Or, type All Databases in the Database Name field of one record if you want to make the same user permissions and field restrictions for all of your published databases.

3. If the database has a password set up with FileMaker Pro access privileges, and you want that password's restrictions to be added to those of the Web Security database, type that password in the Database Passw ord field. In most cases, you should type the master password here.

1 2 Securing data on the Web

Note Any access privilege restrictions placed on the Database Password in FileMaker Pro override the Web Security Database permissions. Web access privileges can never be greater than the privileges provided by the Database Password, regardless of the settings in the Web Security Database. 4. Type the first user name in the User Name field. 5. Type a password in the User Passw ord field if you want to require one for the user.

When creating a password, use only the characters A through Z, numerals, or a combination of the two. Do not include spaces in your password. This minimizes the possibility that you will choose characters that may be interpreted incorrectly over the Web. Important Do not use leading or trailing spaces in user names or passwords for remote administration, access privileges, or the Web Security Database. 6. Select one or more of the following permissions for the user. Select this user permission To allow the specified w eb user to do the follow ing Browse

Browse records in the database, subject to any field restrictions set below

Create

Add records to the database, subject to any field restrictions set below

Edit

Modify records in the database, subject to any field restrictions set below

Delete

Remove records from the database, subject to any field restrictions set below

Scripts

Run scripts defined in the database

7. Repeat steps 4 through 6 to add permissions for other users.

You can type All Users in the User Name field to create privileges that apply to any web user. These privileges override more restrictive privileges set for other users. Therefore, if you set All Users to be able to browse, create, and edit records, then any other user names you enter for this database can also browse, create, and edit records regardless of the user permissions you set for them. Leave the User Passw ord field blank if you’re setting privileges for All Users. (FileMaker Pro displays an alert if you attempt to enter a password for All Users.)

Securing data on the Web

13

8. In the Field Name field, type the name of any field that you want to restrict for this database (be sure to type the defined field name, not the name of a field label) and select one or more of the following restrictions for the field. When this field restriction is selected

Web users can do the follow ing

DontShow

View all fields in a record except this field. If a field with this restriction appears in the web page, a blank value is returned as if the field were empty.

DontSearch

Specify search criteria in any field except this field. Web users cannot search for data in this field.

ReadOnly

View but not edit data in this field.

ExactSearch

Retrieve only those records containing exact matching values to the search criteria specified for this field. A record is not returned unless an exact match is made with the field’s value in the database. If ExactSearch is assigned to a field, the “equals” operator must be used with that field when it is present in a search action. Also, if the ExactSearch restriction is set for any field, then the -findall and -findany actions cannot be used with that database.

ExactUpdate

Edit only those records containing a value that exactly matches the value specified by the user for this field in a search. Web users cannot edit this field.

ExactDelete

Delete only those records containing a value that exactly matches the value specified by the user for this field in a search. Web users cannot edit this field.

Protecting specific records in a database using the Web Security Database Important In FileMaker Pro 5.5, you can now use FileMaker Pro access privileges to handle adding, deleting, browsing, and editing records on a record-by-record basis. See “Protecting specific records using access privileges” on page 3 for more information. The ExactSearch, ExactUpdate, and ExactDelete field restrictions provide record-level security for your databases on the Web. You can limit web user access to specific records in your databases by creating a special field value for those records that only authorized users know, and applying the ExactSearch, ExactUpdate, or ExactDelete field restrictions to the field. Web users are required to enter the correct value in a search, and only those records containing the value can be displayed, edited, or deleted. By adding the Don’t Show field restriction to the field, unauthorized web users will not be able to see the value when the records are displayed. Note When using the ExactSearch restriction for any field, the -findall and -findany actions cannot be used with that database. The ExactSearch, ExactUpdate, and ExactDelete field restrictions can also be applied to related fields by adding the relationship name and a double colon to the field name. Web users must enter a non-blank value for the related field when searching the database. The value cannot contain any FileMaker Pro wildcard or range search characters (*, @, !, =, //, “..”, or “...”).

1 4 Securing data on the Web

To protect specific records in a database using the Web Security Database: 1. In FileMaker Pro, define a field in the database to contain the special field value.

YourSecretCode: 2. Enter the special field value for the field in each specific record you want to protect.

YourSecretCode: ch5rries 3. In a text editor or HTML authoring program, create an HTML text field in your search web page

using the same name as the field you defined in the database.

Enter your secret code here

4. Include the equals operator in the search string.

5. In the Web Security.fp5 database, type the name of the field in the Field Name field, and select the DontShow and ExactSearch field restrictions.

If you’re setting restrictions for a related field, type the relationship name, a double colon, and then the field name in the Field Name field. relationship::YourSecretCode Now, in order to retrieve the protected records, web users must type the special field value in the HTML text field on the search page. Note All fields that you have set with the ExactSearch, ExactUpdate, or ExactDelete field restrictions must be present in the HTML form or script that specifies the search action. For example, if two fields are specified in the Web Security Database with these field restrictions, but only one of the fields is on the search page, then an error is generated when a web user attempts a search.

Changing Web Security settings remotely from the Web Using the Web Security Database HTML files, you can make changes to the Web Security Database permissions and field restrictions remotely from your web browser. Changes made this way do not require restarting FileMaker Pro, disconnecting your web server, or disrupting your web server’s performance. To remotely change Web Security Database settings: 1. Move the Security folder and its contents from the Web Security folder (inside the FileMaker Pro folder) into the root level of the Web folder.

This enables the Web Companion to serve the Security HTML pages on the Web. 2. In the Web Companion Configuration dialog box, make sure that Requires passw ord is selected

and a password is entered in the box. (See “Enabling the Web Security Database” on page 9.) 3. In your web browser, type the IP address for the computer where the Web Security Database is

open, and type /Security.

Securing data on the Web

15

For example, type 12.34.56.78/Security. This enables the Web Companion to display the default.htm file that’s located inside the Security folder.

4. In the Database Name text box on the Web Companion Security Administration page, type the name for the web security record containing user permissions or field restrictions that you want to change and click OK.

If a page contains a Reset button, you can click Reset to clear the form. 5. If you specified Requires passw ord in the Web Companion Configuration dialog box, you’re

prompted for a user name and the password. Type admin in the User Name field, type the password that you specified in the Web Companion Configuration dialog box, and click OK.

Type “admin” in the User Name box

On the resulting web page, you see a summary of the user permissions and field restrictions for the specified database. You can remove the web security record of this database from the Web Security Database by clicking the Delete Database button on this page. If the password for the database was changed in FileMaker Pro, you can type the new password in the Database Passw ord box and click Update Passw ord to update the web security record.

1 6 Securing data on the Web

6. Click the underlined link to a user name that you want to change permissions for.

On the User Permissions page, you can remove the user name from the web security record by clicking the Delete User button.

7. Change the user password and permissions as desired and then click Update User.

The record for the specified database is updated in the Web Security Database. 8. Click the View Database link to return to the summary page. 9. On the summary page for the specified database, click the Add User link to create permissions for a new user in the database record.

Securing data on the Web

17

10. On the Add User page, enter the desired user name, password, and permissions, and then click

Add User. 11. Click the View Database link to return to the summary page. 12. Click a field’s underlined link on the specified database’s summary page to change the

restrictions for the field in the specified database.

13. On the Field Restrictions page, change the field’s restrictions as desired and then click Update

Field. 14. Click the View Database link to return to the summary page. 15. On the summary page for the specified database, click the Add Field link to create restrictions

for a new field in the database. The Add Field page appears.

1 8 Securing data on the Web

16. On the Add Field page, enter the desired field name and field restrictions, and then click Add Field. 17. Click View a Different Database to return to the Web Companion Security Administration page.

18. On the Web Companion Security Administration page, click the Add Database link to add a new database record to the Web Security Database.

The Add Web Database page appears.

Securing data on the Web

19

19. In the New Database Name box, enter the name of the database you want to create a web security

record for. 20. If the database has a password set up for FileMaker Pro access privileges, enter it in the New

Database Passw ord box. 21. Enter the first user name and the desired password and permissions. Then click Add Database.

The summary page for the new database record appears. From this page, you can add more user names and permissions and set field restrictions for the new database.

Web Security Database tips Keep these points in mind when using the Web Security Database:

1 In the Web Security Database, you can set user permissions for Browse, Create, Edit, Delete, and Scripts. The Web Security Database permissions for Create, Edit, and Delete do not restrict ScriptMaker scripts from performing these actions. Use access privileges to secure databases that have ScriptMaker scripts. Scripts that include the New, Duplicate, Edit, Delete, or Export Records script steps should be protected by access privileges.

1 Passwords entered in the Web Security Database restrict user access to databases as a whole, but do not restrict field-level permissions on a user-by-user basis. Use access privileges to restrict fieldlevel access for a given password (or group of passwords) or for a set of records, and use the Web Security Database to restrict field-level access for an entire database.

1 1

Do not enable Multi-User for the Web Security Database.

Do not enable the RDAC plug-in on the machine that is web hosting your databases (including the Web Security Database), unless you have also configured FileMaker Pro access privileges to match the settings in the Web Security Database.

1 Always password-protect all the databases in the Web Security Database (Web Users_.fp5, Web Fields_.fp5, and Web Security.fp5).

2 0 Securing data on the Web

1 The Web Security Database gives you the option of entering a Database Password for each database it protects. This password has to be a valid password created through FileMaker Pro access privileges. If this password has access restrictions associated with it, they will be combined with those created in the Web Security Database. You can’t add Web Security Database permissions for users if those permissions are not already associated with the Database Password. To avoid privilege conflicts, it is better not to mix the two FileMaker Pro security schemes. Therefore, for Database Password, enter the secured database's master password. If no password is entered here (and the database has access privilege passwords), the Database Password will default to the password that the database is currently open with on the desktop. 1 Disable Web Companion file sharing for the Web Security Database (unless you intend to administer it remotely via the Web). The Web Companion now performs a validation check of the Web Security Database the first time a web request is received with the Web Security Database enabled. All of the Web Security Database's own fields, and all expected value list entries for those fields, must be verified before web serving can commence. If problems are detected, web users will be informed that Security is disabled (and their requests will not be acted on). For this reason, it is strongly recommended that fields and value lists inherent to the Web Security database itself (and its related databases) not be altered in any way.

1

© 2001 FileMaker, Inc. All rights reserved. FileMaker is a trademark of FileMaker, Inc., registered in the U.S. and other countries. All other trademarks are the property of their respective owners. Portions of some screen shots are reprinted by permission from Microsoft Corporation. Portions of some screen shots are copyright 1996-1999 Netscape Communications Corporation. All rights reserved. These screen shots may not be reprinted or copied without the express written permission of Netscape. Mention of third party products and companies is for informational purposes only and does not constitute an endorsement or recommendation.