We have been discussing at length in this post, Security and FM, the ways that FM is good and bad at security.
I personally would like to see the ability to disable external APIs like the AppleScript interface. We have a 0 Mac environment. We should be able to disable the ability for AppleScript to be run against the database at all. Any attempt at running AppleScript should automatically be considered malicious in nature in our environment.
Additionally, I felt that we should be able to disable the data viewer for users that wouldn't need to access it. There is no reason to allow end users to run commands that get the lists of scripts or of the fields, etc. If we do not want the end user to do this, they shouldn't be able to.
My other suggestion is better AD integration. To enhance the security of the solutions, FileMaker should be able to recognize multiple AD group permissions. This would allow us to not keep a table of additional security permissions in an ersatz-type solution. Currently, this is the only fashion to make it work without having hundreds of AD groups and user accounts in the list to make it usable.
My thoughts on this were to have a group that is strictly for authentication to the DB and then have the additional security groups checked against the Extended Privileges table, with the caveat being that FM doesn't check for AD groups for groups that are already built into FM. This would keep a user from granting themselves access via WebDirect, etc.