You are on page 1of 10

http://store.neocodesoftware.

com

Securing Your FileMaker 7+ Database


For brevity and focus, this document assumes you’ve designed a secure database using FileMaker’s
Accounts & Privileges. For more information on designing a secure FileMaker database, consult
FileMaker support documentation or hire a certified FileMaker Developer/Consultant. The
following items should be considered absolute minimum procedures for any FileMaker file (hosted
or otherwise).

 Secure the Admin account with a password.


 Disable the Guest account.
 Disable the “Login Using Account” File Option.

Secure the Admin account with a password


By default, each new FileMaker database is created with an ‘Admin’ account. This automatically
generated ‘Admin’ account will have full access to the database and will not have a password. At a
minimum, you must give this account a secure password.

1. Open Accounts & Privileges

Contents Copyright Neo Code Software 2009


http://store.neocodesoftware.com

2. Open the Admin account.

2.1. Double click the Admin account.

Contents Copyright Neo Code Software 2009


http://store.neocodesoftware.com

3. Enter a Password

3.1. For optimal security, adhere to as many of the following criteria as possible:
 the use of both upper- and lower-case letters (case sensitivity)
 inclusion of one or more numerical digits
 inclusion of special characters
 prohibition of words found in a dictionary or the user's personal information
 prohibition of passwords that match the format of calendar dates, license plate numbers, or other
common numbers

Contents Copyright Neo Code Software 2009


http://store.neocodesoftware.com

3.2. Click ‘OK’.

4. Close Accounts & Privileges


4.1. On the ‘Manage Accounts & Privileges’ dialog, click ‘OK’

4.2. Verify that you know the Master Password by re-entering the Admin password & clicking ‘OK’.

Contents Copyright Neo Code Software 2009


http://store.neocodesoftware.com

Disable the Guest account


By default, the ‘Guest’ account is usually disabled; unless you’ve designed your permission structure
to use the ‘Guest’ account, it’s always a good idea to verify the ‘Guest’ account before hosting your
FileMaker database.

Contents Copyright Neo Code Software 2009


http://store.neocodesoftware.com

1. Open Accounts & Privileges

5. De-activate the ‘Guest’ Account.


5.1. Here the ‘Guest’ account is enabled.

Contents Copyright Neo Code Software 2009


http://store.neocodesoftware.com

5.2. Disable the ‘Guest’ account by unchecking the box in the ‘Active’ column.

6. Close ‘Manage Accounts & Privileges’


6.1. On the ‘Manage Accounts & Privileges’ dialog, click ‘OK’

Contents Copyright Neo Code Software 2009


http://store.neocodesoftware.com

6.2. Verify that you know the Master Password by re-entering the Admin password & clicking ‘OK’.

Disable the “Login Using Account” File Option.


A file should only automatically open with a ‘limited access’ account when all security risks have
been considered and accounted for. The steps below show how to deactivate the ‘Log in using’
feature.

Contents Copyright Neo Code Software 2009


http://store.neocodesoftware.com

1. Open File Options

7. Disable the ‘Log in Using Account’ settings.


7.1. In this case, the file has been defined to open with a default Account/Password. NOTE: this is not a
recommended practice for local or hosted databases.

Contents Copyright Neo Code Software 2009


http://store.neocodesoftware.com

7.2. Secure the database by clearing the “Log in using’ checkbox and then click ‘OK’.

Contents Copyright Neo Code Software 2009