3 Replies Latest reply on Aug 6, 2013 6:43 AM by usbc

    Security and the deleted field content

    usbc

      I was asked a question today about how secure is deleted content in FMP 11 & 12.

      I've done some searching and have so far failed to get an answer. Can the various data recovery software expose data that has been deleted from a field ?

      Just to be clear, I am not talking about a deleted FMP file but rather the content which once resided in a individual field.

      Is the answer different based on the OS? (this particular client is Mac based )

      Does anyone know ?

       

      Chuck

        • 1. Re: Security and the deleted field content
          mikebeargie

          There is nothing the really covers this in the filemaker 12 security guide:

          http://www.filemaker.com/downloads/documentation/fm12_security_guide_en.pdf

           

          However, data recovery programs (IE Recuva, FileSalvage, Disk Drill) will only ever recover the file itself, they can not recover data from inside of a file. There are no commercially available filemaker basecode data extractors that I know of (if someone else knows something that reads .fmp12, please post it).

           

          That being said, as long as your .fmp12 file is setup following the best practices for security (account privs, connection encryption, etc..), then there would be no way to recover the data after it is deleted and/or committed. As far as any other non-filemaker program is concerned, any data it can extract from a .fmp12 file would be encrypted, only able to be decrypted by filemaker itself.

           

          One warning though, I believe there are 3rd party software recovery utilities somewhere out there that will reset passwords on stand-alone filemaker files. If there is a danger of someone getting an offline copy of the file, then that is a security risk. Normally this can be negated though by using server edition to host the file, and locking down the host server.

          1 of 1 people found this helpful
          • 2. Re: Security and the deleted field content

            Chuck,

             

            I wonder you seem to care more about deleted content than the data you use.

             

            The answer to your question is NO. Once a record is committed, any previous data is gone forever. Watch your backups and data referenced externally.

             

            Further, there is no "various data recovery software", it's a waste of money.

            Nevertheless I can repair most files (depending on the grade of damage).

            See <www.fmdiff.com/repairs> for details.

             

            Winfried

            • 3. Re: Security and the deleted field content
              usbc

              Thanks for the reply, Winfried.

              "I wonder you seem to care more about deleted content than the data you use."

              No need to wonder. This question was posed by a potential client who was concerned about the security of card numbers which purposely get deleted for security reasons. They (and me) wanted to be certain that they could not be recovered.

               

              For my part, I am comfortable accepting your answer as true.

              I will, however, need to answer them in writing. Thus my search for documentation.

               

              Thanks again, - Chuck