I just installed FileMaker 17 server and I don't understand the situation with the SSL certificate:
dida110 wrote: Thanks a lot for your answer.If you're using FMP inside your own network, it's less clear if you need a certificate. I would argue that you still would want a certificate since you can never be sure that your network isn't hacked.So what does hacked mean? My big question is: Is the host communicate with the server in clear text, so if I log in with my user every man in the middle attack is successful ?
Thanks a lot for your answer.
If you're using FMP inside your own network, it's less clear if you need a certificate. I would argue that you still would want a certificate since you can never be sure that your network isn't hacked.
So what does hacked mean? My big question is: Is the host communicate with the server in clear text, so if I log in with my user every man in the middle attack is successful ?
Without an SSL cert, the communication between the server and its clients is not encrypted. Most security position papers state that the vast majority of attacks do not come from the outside but from the inside and that is argument enough to always use an SSL certificate if your data is important enough. In the end it comes down to a risk assessment and your level of risk appetite, but do not fall in the trap of thinking that communications inside a network are safe by default.
A man in the middle attack is the most likely attack and can take many forms:
1) trying to interpret and read the data as it flows by (it is not encrypted so easier to deconstruct)
2) trying to divert the traffic to another destination (there is no destination name verification without an SSL cert)
3) trying to inject and manipulate the data
With many products, like Linux CentOS and other services, you can use "Let's Encrypt" service to generate a totally free certificate. You can also easily create free self-signed certificates using those services or by using Oracle's Keytool. FileMaker Server, for whatever reason given it's steep price (I can't figure this out either) is extremely picky/limited for the SSL certs it "likes".
In any case, I just use an $8.88/yr. namecheap.com Comodo certificate with FMS 17 and it works just fine, however. So, you don't have to spend lots of money.
Hacked means that someone have tried to take over your server and what is on that computer. If you use SSL certificate, the traffic to and from your server is going to be encrypted and you do not have to worry about your data security going back and forward between your FileMaker Pro and FileMaker Server
I don't know the internals of FMP since FMI keeps that opaque, and don't have time or desire to have them be more "open", but to me "hacked" just means your network is compromised and someone could be intercepting traffic in some way. "Man in the middle" attack is one of those methods.
Just as with email and realizing it's as secure as sending a postcard through the mail, an SSL certificate is a prudent thing to have and use. (and PGP for email!)
Yes sorry I was not accurate enough, I do know what hacked means . My question is more if a simple man in the middle attack is enough to get the FileMaker password from a user who is singing in.
If you use SSL Certificate, all things going back and forward are encrypted
Man in the middle is only one of many possible network attacks.
I agree with johanhedman, just use an SSL certificate and you should be fine.
Ok thank you, thats ridiculous for me I mean why they don't offer a simple function to create a self-signed certificate with a sigle click. It makes no sense for me to pay for a certificate in the local network.
dida110 wrote: It makes no sense for me to pay for a certificate in the local network.
It makes no sense for me to pay for a certificate in the local network.
Nobody is forcing you to get a certificate in any case.
Retrieving data ...