A recently active discussion taught me fundamentally useful aspects of security and encryption options in FileMaker. The discussion mostly centered on how to prevent access with Full Access privileges to a database that a user has physically available on their computer. The answer I took away for my own needs is that I should purchase FileMaker Pro Advanced so I can activate the Encryption at Rest feature.
I have a related question regarding the security of FM databases that are accessed through FM server. Can such a database be cracked? The database contains sensitive health information (PHI governed by HIPAA, if that means something to you) and I have users access it with their own individual accounts and passwords. Could someone running FileMaker Pro on the same network, able to see my server and the databases it provides, be able to access this database if I did not create an account for them? Are there password-cracking programs that can accomplish this?
Drusus
PS If this has been discussed before, my apologies and you can simply tell me to do a search. I am new to this forum and I am not fully familiar with finding previously posted information.
This is where security certificates play a key role. Part of this setup encrypts the packets of information that are transmitted between the client machine and the server. The certificate also helps prevent what are sometimes called "man in the middle" attacks.
See this thread where I recently discussed this aspect of security.
Certificates, Security and LAN only solutions
Note also that enforcing good use of strong passwords that the user must change regularly is also key for hosted solutions.