4 Replies Latest reply on Jan 21, 2015 9:21 PM by JoeCampbell

    How secure is the database ?



      How secure is the database ?


      With all the hackings in the news the past few years I was wondering what protection (if any) does filmaker pro 12 give it's databases ?

      All users require passwords (none are dictionary words, all are miXeD case, with numbers) so it's doubtful anyone would be able to simply login with out alot of effort. But say someone stole the entire computer, or hacked into the computer and copied off the .fmp12 database file, what could they do with it ?  If it was opened in an editor, would it be readable or just garbled ? Windows it self has log-on password but I know to remove them and log-in anyway is like a 30 second job (ive done it before on a computers the person forgot the password to).

      I think Server uses encryption, but Im not sure if that's on the database file or just the connection to other clients. But we only have 2-4 computers accessing a single file hosted on one of the machines so fmp server seems overkill (and overly expensive) for our needs.

      Our backup's run each night and are stored locally and uploaded to a cloud storage site. For additional protection they are automatically encrypted with a password after the backup is run, before it's uploaded each night, just incase the cloud storage company is ever hacked into.

        • 1. Re: How secure is the database ?

          The biggest point of vulnerability is if the wrong person gets a physical copy of the file. There's a utility out there that advertises the ability to insert a new admin level account into an existing file--forcing the file open in full access. That does not give you access to actual passwords in Manage | Security, they are encrypted, but that's the only thing in the file to which a knowledgeable person does not have access to once they have opened the file full access.

          So keeping all files with sensitive data on a secure server is step one to any security management plan.

          • 2. Re: How secure is the database ?

            How exactly does the FM13 file encryption work?

            • 3. Re: How secure is the database ?

              I bought one of the programs to remove passwords.  It strips all passwords out, setting them to blank.  It works with files from version 3 to version 13.  I bought it online for $30 (as I remember).  It is a Window program.  I could not find any that work on the Mac OS.

              • 4. Re: How secure is the database ?

                As I was reading more, you can encrypt the database file completely in FM13, requiring a master password to even open the file. That is different than the usual user/password permissions. I don't think a password removal tool would work in that case, it says if the password is ever lost the file will be unusable.  It looks like that is the way to go, we will have to update to FM13 to use that feature though on all machines. A FM12 client cant connect to a FM13 machine if its sharing an encrypted file.