Introduction to FileMaker Pro web security 9
[Figure: Customers.fp5, Invoices.fp5, Products.fp5, Invoice Line Items.fp5]
A typical desktop database solution, showing a master database (Invoices.fp5) with three related
files.

[Figure: Customers.fp5, Invoices.fp5, Web Invoices.fp5, Products.fp5, Invoice Line Items.fp5]
The same solution modified for web publishing. You can greatly increase security by adding a
dedicated web only database and using relationships and calculations (which can't be modified
directly) to share your data. In the above model, only Web Invoices.fp5 is published to the Web.
Note
In general, use your web only database only for web publishing. It is not good practice for a
database that is published to the Web to also be enabled for Local/Remote Data Access or shared
as Multi User. It is easier to manage security if you use a web only database as the front end to your
solution for web users, and keep this separate from considerations for access to the same solution
from FileMaker Pro clients, the Data Access Companions, or other clients.
If you are publishing the FileMaker Pro database over your intranet (such as a local area network
behind a firewall), you can use any access privileges you may have set up for current users of the
database. You can provide a more limited web only password when users are accessing the
database via a web browser.
2. Review all scripts, and eliminate all scripts that could be used to perform inappropriate actions,
or should not be executed by a web user.
A script might include actions that should be controlled by access privileges, such as Edit and
Delete records.
A script might also include actions that are not controlled by access privileges, such as Send Mail,
or actions that might not be designed to be executed from the Web. For example, a script step that
will cause a prompt or message window to be displayed on the host computer will hang the
system when executed from the Web.
Also, consider the side effects of scripts that execute a combination of steps that are controlled by
access privileges. For example, if a script includes a step to Delete Records, and a web user does
not have a password that allows record deletion, the script will not execute the Delete Records script
step. However, the script will continue to run, and subsequent steps in the same script may be
executed. This could cause unexpected results.
In general, create a web only database with a minimum set of scripts that are intended to be used
from the Web and have no harmful side effects if they are executed by any web user.
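
The script review in step 2, as an added example that is not part of the original manual: a small Python model (not FileMaker code) that walks each script's steps as a web user would run them and flags the three cases the text describes. The step labels, script names, privilege names and listing format are constructed for illustration; "Show Message" is a stand-in label for any step that opens a window on the host.

```python
# Added example: a model of the behaviour described in the text, not FileMaker code.
# Step labels, script names and the listing format are constructed for illustration.
PRIVILEGE_CONTROLLED = {"Edit Records": "edit", "Delete Records": "delete"}
UNCONTROLLED = {"Send Mail"}    # runs regardless of the web user's password
HOST_UI = {"Show Message"}      # stand-in label for a step that opens a window on the host


def audit_script(steps, web_privileges):
    """Walk one script as a web user would run it and return (line, step, issue) tuples."""
    findings = []
    skipped = None  # first privilege-controlled step the web password could not run
    for line, step in enumerate(steps, 1):
        needed = PRIVILEGE_CONTROLLED.get(step)
        if needed and needed not in web_privileges:
            findings.append((line, step, "skipped: web password lacks " + needed))
            skipped = skipped or step
            continue  # the step is skipped, but the script keeps running
        if skipped:
            findings.append((line, step, "still runs after skipped " + skipped))
        if step in UNCONTROLLED:
            findings.append((line, step, "not controlled by access privileges"))
        if step in HOST_UI:
            findings.append((line, step, "window on host: hangs when run from the Web"))
    return findings


def web_safe(scripts, web_privileges):
    """Names of scripts with no findings: candidates to keep in the web only database."""
    return sorted(n for n, s in scripts.items() if not audit_script(s, web_privileges))


# Constructed sample: three scripts from a hypothetical Web Invoices.fp5.
SCRIPTS = {
    "Purge And Notify": ["Delete Records", "Send Mail"],
    "Confirm Order": ["Edit Records", "Show Message"],
    "Show Open Invoices": ["Perform Find", "Sort"],
}
WEB_PRIVILEGES = {"browse", "edit"}  # the limited web only password: no delete

if __name__ == "__main__":
    for name, steps in SCRIPTS.items():
        for line, step, issue in audit_script(steps, WEB_PRIVILEGES):
            print(f"{name}: step {line} ({step}): {issue}")
    print("safe for web:", web_safe(SCRIPTS, WEB_PRIVILEGES))
```

In the sample, "Purge And Notify" is the case the text warns about: the delete step is skipped for the web password, yet the mail step after it still runs.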