2 Replies Latest reply on May 1, 2013 12:41 PM by DrewTenenholz

    Need help with Encryption on Server 11 and then 12 Advanced

    MacUT

      IT is now insisting that sensitive data in my Filemaker solutions be encrypted so if someonehacks in to the server they will not be able to read the data. The main concern is Social Security Numbers and Credit Card Numbers. IT wants these fields to be encrypted on the server. I'm a bit confused on how the work flow should be handled. If for example the SSN field is encrypted on the server how does a client retrive a SSN for a particular record and after entering a new SSN for a record how does the server know to encrypt the data. First of all I believe I need a plugin to do the encryption, is that right. Then do I write a script that encrypts all the records say for the SSN field. After that do I need a script that the client can run on a particular record that would decrypt the SSN in order to use it or change it? Once the client closes the solution would I then have a script that would encrypt the SSN field? If the client needs to run a report that includes the SSN number I would need to run a script to decrypt all the records before running the report and the encrypt then all again when the client signs off.

       

      I've never worked with encryption and as you can see am a bit confused on how the process should work. Also, any suggestions on which plugin would be best for what I need to do would be welcomed.

       

      Thanks

       

      Brian Garman

        • 1. Re: Need help with Encryption on Server 11 and then 12 Advanced
          wimdecorte

          What you are describing is called "encryption at rest".  "encryption in transit" is already take care of by FMS if you enable the SSL option on the server.

           

          You will need scripts to decrypt end re-encrypt data as the user asks for it.  The idea is that you only decrypt data on a per-record basis, so never to display that field in a list view or on a report.  You have to be very careful keeping track of when data is in encrypted or decrypted form.  You do NOT want to encrypt data that is already encrypted thinking that is not or you will never be able to get the original data back.

           

          The biggest problem is where to store the encryption key.  You do not want to store that inside your solution, that kind of defeats the whole purpose of the extra security.  That is not an easy problem to solve and you probably need to ask IT what their guidelines are.

           

          You will need a plugin for this.  Troi has one, Sky Dancer Studios has one too.