FileMaker is always improving the FileMaker platform and moving to yearly release cycles has only made it better. The security updates in the latest revision are no exception. The premier security features are field-level encryption, and the ability to authenticate with third party identity servers including Amazon, Google, and Microsoft Azure AD using oAuth.
Field Level Encryption
The ability to encrypt data at the field level using new FileMaker functions will directly impact the security of future systems. The BaseElements FileMaker plugin was our go-to way to perform field-level encryption of sensitive information such as credit card info and protected health information (PHI), but moving forward this can be handled directly by FileMaker natively. The new functions at your disposal include:
CryptEncrypt – Encrypts data with the specified key and returns container data.
CryptEncryptBase64 – Encrypts data with the specified key and returns text in Base64 format.
CryptDecrypt – Decrypts container data with the specified key and returns text or container data.
CryptDecryptBase64 – Decrypts Base64-encoded text with the specified key and returns text or container data.
With these new function encrypting data is a simple function call away. The CryptEncryptBase64 function can be used to secure your data within a text field. It requires two parameters: the data to be encrypted and a secret key. The data is then returned in a secure Base64 format. Be sure to keep your secret key in a safe place. With the key anyone can use the companion function CryptDecryptBase64 to retrieve your sensitive data.
New FileMaker Authentication Methods
FileMaker uses industry standard OAuth 2.0 for communicating with your identity authentication provider of choice. This will allow FileMaker applications to validate user identities with a third party service. This is a great new feature for administrators using Google Apps, Amazon, or Microsoft Azure. Gone are the days of managing two user directories.
This is done in two steps. First configure your FileMaker Server to authenticate with your provider of choice. Next open your FileMaker Pro Application and define an account to use your authentication provider. From now on you will be able to use the third party provider to login just like any other externally authenticated server.
FileMaker Pro / Pro Advanced 16 Features
One thing you will notice throughout the application is that security has become much more prominent. In every screen you will see the security lock indicator. In the login window it will also display the name of the server you are connected with. This is a nice change and will give users peace of mind that their server and connection is secure. As expected clicking the lock will provide information about the connection and certificate being used.
Two new extended privileges have been added in this release. First "fmurlscript" allows you to completely disable fmp URLs from accessing your application. This technique has become very popular over the years, but it is nice to know as developers we have the ability to turn it off. Much like they did in the last release to further put security customization in the users hands.
The other new extended privilege goes hand-in-hand with another great new feature: the FileMaker Data API. The extended privilege set is simply called fmrest. Just like the fmphp and fmxml we recommend disabling until you need to use.
Conclusion
FileMaker's continued improvement in the security realm is always a welcome change. I know this developer will be pushing more clients to use FileMaker 16's new security features, including native data encryption, extended privileges, and third-party OAuth authentication. Please contact us if you would like assistance taking advantage of the latest FileMaker security updates.
Did you know we are an authorized reseller for Claris FileMaker Licensing?
Contact us to discuss upgrading your Claris FileMaker software.