I'm just starting work on moving a client-side script to the server to increase speed.
Since April, we have been using WebDirect to send leads (newly generated contact information) up to a FM cloud server from our men in the field. There are a ton of advantages over paper - it's secure (I hope), leads are error corrected, immediate, lossless, huge savings on data entry temps, direct messaging between our people in the field and my personal favorite, the gamification of the lead generation arm of our company (much of which is staffed by teenagers).
Before I start messing around with the script, I have two questions.
1- Am I missing any glaring security vulnerabilities?
Here's what I've done for security thus far:
Layer 1 - The records are entered in the field by teenagers, then encrypted as soon as the record is submitted and passes the error correction checks. Then the encrypted leads are held in a file hosted on the cloud server until they are pulled down by a receptionist with a local key file, where they are then decrypted.
Layer 2 - The key file is not hosted anywhere (it's just a local .fmp12), which I believe locks everyone else out locally when the key file is in use.
Layer 3 - The key is encrypted at rest.
Layer 4 - The receptionist has to manually check each lead against the destination database (and marks them as duplicates or new) in case someone pumps the cloud full of fake leads. This also helps mitigate issues from true duplicates: the leads that are from customers who have already signed up in the past, where we only need to update their record, not add a new one.
Layer 5 - Once a week we also pull all the leads from the cloud, store them in a separate encrypted local backup and delete them from the cloud.
Nothing like defense in depth, right?!
2- Since the key file uses encryption at rest, I have to punch in the encryption at rest key each time I import to the destination database. I assume the encryption at rest key dialog won't pop up on the client if I run the import script step in a subscript with the "perform script on server" script step. Am I wrong? If I am not wrong, is there a way I can pass the encryption at rest key for the local unhosted key file to the server? Is there a way to hard wire it, pass the encryption at rest dialog to the user or can the encryption at rest key be passed as a parameter? In other words, which of the actions below can be done on the server and which ones have to be done on the client?
Here are the details of how the script currently executes the import from the client.
Once the fourth security layer listed above is completed, the leads are ready for the import script.
1) - remind the receptionist to close the local key file to allow it to be accessed by the server
2) - import all of the leads in the key file (requires encryption at rest key for local unhosted key file)
3) - check each imported record against the database to make sure it has not been imported twice
4) - delete each lead that has been imported in a previous import or is marked as a duplicate by reception
5) - display the freshly imported leads and show the number of leads imported
I'm looking forward to any advice you can send along as I'm buried in ideas from DevCon and I want to knock out as many of the easy ones as I can as fast as I can so I can start messing around with more exciting things like IoT and AWS integrations.
Sully the Squirt Gun Guy