4 Replies Latest reply on Feb 6, 2015 11:31 AM by eperi

    Database encryption - Plug In



      we are interested in porting our existing database encryption solution to filemaker.

      As of today, we are able to handle databases like "Microsoft SQL-Server", Oracle, IBM DB2 and MariaDB.


      What would be the best way to "hook" into filemaker.

      -> Is there an API, where we can get the data before there are stored on disk?


      Thank you for the first hints in the filemaker-jungle.


      Best Regards


        • 1. Re: Database encryption - Plug In

          there is a plugin API, but not for such a hook.

          Best may be to provide an ODBC client for your encrypted db.

          • 2. Re: Database encryption - Plug In

            Thank you for the answer - this could be a solution, but we want to build a solution that does work with filemaker even without an external Database. As far as I understood, filemaker has also the possibility to store the data in an own datastorage.

            Additionally we would like to be independant from the underlaying Database. ODBC ist more or less depending on the Database-Vendor.


            What would be the best way getting access to the "Data-Stream" before stored?


            Best regards


            • 3. Re: Database encryption - Plug In

              I think you need to understand that FileMaker is fundamentally different from other database systems. Its database storage is intrinsic to the database file. In order to intercept any data "before stored", you would have to use the plugin API and the developer would have to use your plugin to insert the data into the field. You cannot intercept it "midstream" between the interface and the database as you would with other database systems, because they don't exist separately (with the exception of the PHP API).


              That said, you probably should be aware that FileMaker already provides encryption functionality for network traffic between the client and the server, and to encrypt the entire database file at rest. The only "hole" in the encryption feature set is the ability to encrypt a single field (and not the entire database). And Christian's suggestion to use the plugin API would be the way to go here, if that's what you want to provide. (And there have been some requests for that.)





              • 4. Re: Database encryption - Plug In

                Thank you for this detailed discription and the great help in this forum.


                We are able to solve our requirements by using our standard product "eperi Gateway for Cloud Apps". This is a transparent Proxy, that encrypts the sensitive Data before transfered to the FileMaker Installation. That means, FileMaker just "sees" encryted data. Even the Administrator is unable to see the data in cleartext. The eperi Gateway is fully customizable (means: you decide what to encryt), and used since more than 10 year from more than 100 big companies.

                We will not port our standard database encryption to FileMaker, because there seems to be no need for this due to our Produkt "eperi Gateway for Cloud Apps".

                If you have any questions - just ask!