1 Reply Latest reply on Jun 17, 2013 3:28 AM by wimdecorte

    Security issues using ODBC and remote IWP




      We are thinking of offering up a FileMaker IWP web site for suppliers to fill in their quotes on line.


      I've done that and set up a system that from our quote specs page, fires off an email inviting the supplier to reply on line via the IWP site. I'm impressed with how easy it all was to set up. If it's a new supplier my script even set's up a new account and password so when they sign in on line they only ever see their account etc. So from a FileMaker point of view my boss is happy with the security.


      My boss, however, has internet security issues. So I put this IWP site on a remote server (rather than the office LAN) and linked to it via an ODBC (FileMaker to FileMaker). He's now questioning the security of this ODBC connection. What's the security issues with an ODBC? What about a remotely hosted IWP? Is the link open full time the database is running or just when packets of info fly about?


      Any comments or suggestions, greatly received




        • 1. Re: Security issues using ODBC and remote IWP

          The ODBC connection is only open when needed.


          For best security the office machine should initiate the transfer, not the remote machine.  If the remote machine gets compromised there is nothing there to make a connection to the office machine and there are no open ports on the office firewall to attack.

          For the "data in transit" protection I would look into establishing a VPN tunnel between the office machine and the remote machine and do the ODBC traffic through the VPN.  That adds a protection layer around that traffic.