Chapter 9: Security


Naming Your Database

Because it is possible for a web server to return an entire FileMaker Pro database directly from disk, the common rule of thumb is to place the database outside the web server's directory tree. On the other hand, it's generally more convenient to keep the database, Template files, images, etc. in the same solution folder. With WEB·FM, this is not a security problem provided the database name ends with a ".fm" suffix. Whenever the web server sees ".fm" as the suffix for a requested file, it automatically passes the request to WEB·FM for processing rather than serving the database from disk. The ".fm" at the end of the file name is known as a suffix. It is the default suffix mapped to WEB·FM. You can change this suffix within your web server administration package. If your database name does not contain a suffix, place the database outside of the server folder. If it does, you are perfectly safe keeping the database in the server folder along with any external HTML documents you might be using.

Securing the PI_ADMIN.FM database

The database "pi_admin.fm" is your security control panel for ALL of the databases you publish online. It's the interface you use to administer the defaults and security settings used by WEB·FM. Proper care should be taken to prevent access to this database and its contents. The Admin password for a specific database provides FULL access to that database regardless of the specified permissions and field security settings. The Admin password for the "DEFAULT" database entry provides FULL access to any database which does not have an entry. If the Admin password for a database is blank, this enables FULL access privileges to that database, including updating and deleting database records. This may actually prove useful in an Intranet setting or other situations where security may not be an issue but full access to the database is.

Here are several suggestions for securing access to the "pi_admin.fm" database.

  1. Define a web server realm with "pi_admin" as the match string if one is not already defined. If you wish, you may add a web server password that allows access to this realm. Most likely the realm password you choose is the same password you entered for the "pi_admin.fm" database entry during installation. You can of course make the passwords different so not even the administrator has web access to the Admin database.
  2. It's not required that the Admin database remain open or even exist on your web server, although it can prove convenient.
  3. The Admin database supports remote LAN administration of the settings file used by WEB·FM. This means you can remove the Admin database entirely from the web server and administer WEB·FM remotely if you wish from another computer using Program Linking.
  4. If you enable Program Linking on your web server, be sure to disable Guest access so someone else on the LAN can't somehow update the settings remotely.
  5. The Admin database itself may also be password protected on open. To enable password protection, open the Admin database and from the File menu select "Change Password…". In the dialog that appears, enter "WEB·FM" as the old password, then enter your new password.

Available Security Options

Database-level, Realm-based Security

Because each and every database transaction using WEB·FM requires that the name of the target database be specified in the URL, you can set up a secure web server realm with your database name as a match string. This will implement password protection at the web server level for all web activity on the specific database.

Task-level Security

Use the Admin database to optionally disable or enable tasks as appropriate for the needs of your specific database. A valid Admin password may be used to override these restrictions.

Available commands fall under the following task permissions:

  Task permission    Commands
  Browse Records     Find, Retrieve, Random
  Browse All         FindAll
  Create Records     Add
  Edit Records       Update, Delete, FindUser
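
The task permissions above, combined with the Admin password behaviour described under "Securing the PI_ADMIN.FM database", modelled as an added example (not WEB·FM's own code or the pi_admin.fm format). The settings layout, database names and passwords are constructed, and applying the DEFAULT entry's task permissions to databases without an entry is an assumption.

```python
import hmac

# Command -> task permission, as listed in this chapter.
TASK_FOR_COMMAND = {
    "Find": "Browse Records", "Retrieve": "Browse Records", "Random": "Browse Records",
    "FindAll": "Browse All",
    "Add": "Create Records",
    "Update": "Edit Records", "Delete": "Edit Records", "FindUser": "Edit Records",
}

# Constructed sample settings (hypothetical layout): one entry per database
# plus the DEFAULT entry used for any database that has no entry of its own.
SETTINGS = {
    "DEFAULT": {"admin_password": "s3cret", "tasks": {"Browse Records"}},
    "catalog.fm": {"admin_password": "", "tasks": {"Browse Records", "Browse All"}},
    "orders.fm": {"admin_password": "Xk9!", "tasks": {"Browse Records", "Create Records"}},
}


def entry_for(settings, database):
    """Return the database's own entry, or the DEFAULT entry if it has none."""
    return settings.get(database, settings["DEFAULT"])


def is_allowed(settings, database, command, supplied_password=None):
    """Decide whether a command is permitted under the modelled rules."""
    entry = entry_for(settings, database)
    admin = entry["admin_password"]
    # A blank Admin password enables FULL access, including Update and Delete.
    if admin == "":
        return True
    # A valid Admin password overrides the task restrictions.
    if supplied_password is not None and hmac.compare_digest(
        supplied_password.encode(), admin.encode()
    ):
        return True
    # Otherwise the command's task must be enabled; unknown commands are denied.
    return TASK_FOR_COMMAND.get(command) in entry["tasks"]


def audit(settings):
    """List entries whose blank Admin password leaves them fully open."""
    return sorted(name for name, e in settings.items() if e["admin_password"] == "")
```

Running `audit` over the real settings is the useful check: any name it returns accepts every command from every request, whatever its task permissions say.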

Field-level Security

Use the Admin database to optionally disable access to specific database fields. In the "Finding" field enter any field name you wish to restrict from someone performing a Find. In the "Returning" field enter any field name you wish to restrict from someone returning data. A valid Admin password may be used to override these restrictions.

Record-level Security

A database where users need to update and delete existing records requires that the database contain "username" and "password" fields or a "cookie" field. If the database does not contain these fields, the only way to modify existing records is by supplying the Admin password for that database.