You can leave the password blank in the External Data Source so that users are prompted for a User ID and password to see the ESS data. I know you are probably trying to avoid that, but it is the true security method of handling things. Also, only have a couple of Full Access accounts that need to do development or admin work. Make everyone else not have that ability to change External Data Sources since most people should not have this need. And, of course, make strong passwords, especially for the Full Access accounts.
The reality is that FileMaker is almost never hacked and is not even subject to the most common database hacks, SQL injection attacks. If someone "hacks" into your FileMaker account, I can pretty much guarantee you it was because of a weak password that someone guessed or an inside job. Just search the internet and you won't find true hacks into FileMaker like you do most SQL databases. Make sure to use FileMaker hosted on a server with encryption turned on and make sure to use the latest versions of FileMaker. Checking the secure connection box on the server gives you a full AES 256 bit cipher of all database data, which right now is good up to the first level of Top Secret communicaiton for the US Government.
Since the password box on ESS sources lets you use the entire calculation engine, I suppose you could use something like the free ScriptMaster Plugin, load up encryption functions, and create a calculation that decrypts a stored value. Of course, protecting the decryption key becomes the next thing to worry about, but you could hide it pretty effectively if you want to.
It seems like being able to use Windows SSO for authentication to the ESS Data source would be more secure, and it is an option.
-- Drew Tenenholz
I wouldn't worry to much about this.
As Taylor said make your admin un/pw combinations strong. This limits the chance of someone guessing the account credentials.
In order to 'Hack' the system they would need physical access to the files. You have control over this because you can lock down the server and also lock down the room the server is in and the building the room is in...Make sure you have a real firewall, sonicwall or cisco, not the $79 variety, to secure your network from outside attacks.
Data is much easier to get at but that's a different story.