9 Replies Latest reply on Sep 19, 2016 3:06 PM by dtcgnet

    File Display Filter- FM Server 14 question

    jdevans

      fmserver_file_display_filter.JPG

      I have all of our current production files hosted on FM Server 14. I was just informed by our IT Director that he installed Filemaker Pro for a user who is on the same LAN as me and our FM_Server, but who isn't a part or my work group. When he launches FileMaker Pro, and clicks Hosts on the Launch Center, he can see all of our hosted files.

       

      What can I do to prevent specific users on the same LAN from seeing these files?

       

      I am aware of the setting on FM server that if checked, "Lists only the databases that each user is authorized to access" but I don't understand what the results of checking that box will be based on the way each hosted file is set up. I don't understand which setting at the file level controls whether or not it gets filtered out by that box being checked.

       

      Many of the files were developed years ago by another person who no longer works for our organization, and set them up to open on double-click without a username/password. He set it up so that only someone with a full-access account can modify the file, and layouts. The No-password option opens the file as [Guest], with no ability to modify the file. However, I'd rather make it such that nobody can see those files outside our work organization.


      Need to know what I need to do.

        • 1. Re: File Display Filter- FM Server 14 question
          BowdenData

          You have the right setting in FM server. Go ahead and enable that. It means that when a user selects "Open Remote" and selects your FM server, they will only see listed databases that they have access to. Depending on your setup, they might get prompted to enter their username/password upon selecting the Open Remote menu option. Once they put that in, then the dialog box will only show those dB's that they have access to.

           

          In the case of the databases that are setup with Guest access, then those will likely show up as available to everyone. I can't remember the last time I ever created or managed a dB that had Guest access turned on, so not 100% sure on this.

           

          http://www.filemaker.com/help/15/fms/en/#page/fms/config_dbserver_security.html

          1 of 1 people found this helpful
          • 2. Re: File Display Filter- FM Server 14 question
            jdevans

            I think this is going to be a big steaming mess to be honest. It's those ones with Guest turned on that are what I'm concerned about.

             

            I'm having a hard time finding any detailed user guide on how all this manifests itself, based on how the file is set up.

             

            BowdenData, when you said "
            they might get prompted to enter their username/password upon selecting the Open Remote menu option. Once they put that in, then the dialog box will only show those dB's that they have access to", this is exactly the kind of detail I'm trying to find in a guide or document from Filemaker but haven't found.

            • 3. Re: File Display Filter- FM Server 14 question
              jdevans

              I'm also concerned with what will happen while people are currently accessing these files? What will happen if I select that checkbox while people are here doing their work with those files?

              • 4. Re: File Display Filter- FM Server 14 question
                dtcgnet

                You should click that box in FMS that says "List only the databases each user is authorized to access."

                 

                With that setting in place, when a user goes to Open Remote, the user will be prompted to enter credentials. The user will then see only those databases for which the credentials are valid.

                 

                However, from a bigger perspective, I'd suggest taking a deeper look at your databases. By default, the Guest account assigns a predefined "Read Only" privilege set. If that's what the users are logging in with, they wouldn't be able to modify any of the data in the databases, so none of the data would ever be changed by users. Login to one of the databases that you can just open with a double click. Modify some data. If you're allowed to modify it...then either the previous developer assigned a different privilege set to Guest, or the files have been set to open with a default account (which might or might not be "Guest").

                 

                It sounds to me like the security for the whole system needs to be looked at in depth. All users are anonymous, they all have the same privileges, and my guess is there are holes which would provide vulnerabilities.

                1 of 1 people found this helpful
                • 5. Re: File Display Filter- FM Server 14 question
                  dtcgnet

                  Turning that setting on or off will not affect users currently logged in.

                   

                  If a user clicks on Open Remote, and then selects the Guest option instead of Account option, the user will see all files which have the Guest account turned on. I personally do not ever use the Guest account.

                   

                  You COULD go to the new user's computer, and for the Open Remote Host setting, you could click the option to "Show only these files", and then type in the names only of databases that user should see. It's not ideal, but that user wouldn't see databases not listed. The user could very easily reverse that though.

                  • 6. Re: File Display Filter- FM Server 14 question
                    jdevans

                    I've spoken to the IT director, and he's trying something out, setting the visibility using Group settings via Windows. He has our work group assigned to a Group in Active Directory already. However the visibility to the FM server was all domain users, which includes my work group, plus a lot of other people. Hopefully limiting it to just the work group using the AD settings will take care of it. Waiting to hear back from him now.

                    • 7. Re: File Display Filter- FM Server 14 question
                      dtcgnet

                      Active Directory tells me Windows, which tells me that it's possible that the previous developer may have used External Authentication in the databases.

                       

                      Are you SURE that the databases are all set up with Guest accounts? Are you SURE that double clicking logs a user in as Guest? I have an uneasy feeling that things are set up differently than you're thinking.

                      • 8. Re: File Display Filter- FM Server 14 question
                        jdevans

                        I'm going to open each one I suspect that is set up that way and be sure before I go ahead with anything else. The first two I looked at were setup with Log In Using Guest Account...and Allow Credential Manager to save password.

                         

                        ( BTW, changing the permission from domain to group made no difference.)

                         

                        When these files were created, it was done in FileMaker 5 or older, and at the time, there was no Active Directory set up here at this organization.

                        • 9. Re: File Display Filter- FM Server 14 question
                          dtcgnet

                          Login as the Full Access account if you can. Go to File>Manage>Security. Take a look at the accounts that are set up. If it's like you're thinking, then my guess is there is one Guest account and one Admin account. If there are other accounts, see what their assigned privilege sets are.

                           

                          Because you do have Active Directory, and the files are served, External Authentication would be available to your organization, and EA is by far the most secure and preferred method. Making a switch to EA would be relatively easy, and would provide you with very robust security.

                           

                          The security guide is a great resource. You can find it at:

                          Security Guide for FileMaker 14