FileMaker is always improving the FileMaker platform and moving to yearly release cycles has only made it better. The security updates in the latest revision are no exception. The premier security features are field-level encryption, and the ability to authenticate with third party identity servers including Amazon, Google, and Microsoft Azure AD using oAuth.
The ability to encrypt data at the field level using new FileMaker functions will directly impact the security of future systems. The BaseElements FileMaker plugin was our go-to way to perform field-level encryption of sensitive information such as credit card info and protected health information (PHI), but moving forward this can be handled directly by FileMaker natively. The new functions at your disposal include:
With these new function encrypting data is a simple function call away. The CryptEncryptBase64 function can be used to secure your data within a text field. It requires two parameters: the data to be encrypted and a secret key. The data is then returned in a secure Base64 format. Be sure to keep your secret key in a safe place. With the key anyone can use the companion function CryptDecryptBase64 to retrieve your sensitive data.
FileMaker uses industry standard OAuth 2.0 for communicating with your identity authentication provider of choice. This will allow FileMaker applications to validate user identities with a third party service. This is a great new feature for administrators using Google Apps, Amazon, or Microsoft Azure. Gone are the days of managing two user directories.
This is done in two steps. First configure your FileMaker Server to authenticate with your provider of choice. Next open your FileMaker Pro Application and define an account to use your authentication provider. From now on you will be able to use the third party provider to login just like any other externally authenticated server.
One thing you will notice throughout the application is that security has become much more prominent. In every screen you will see the security lock indicator. In the login window it will also display the name of the server you are connected with. This is a nice change and will give users peace of mind that their server and connection is secure. As expected clicking the lock will provide information about the connection and certificate being used.
Two new extended privileges have been added in this release. First "fmurlscript" allows you to completely disable fmp URLs from accessing your application. This technique has become very popular over the years, but it is nice to know as developers we have the ability to turn it off. Much like they did in the last release to further put security customization in the users hands.
The other new extended privilege goes hand-in-hand with another great new feature: the FileMaker Data API. The extended privilege set is simply called fmrest. Just like the fmphp and fmxml we recommend disabling until you need to use.
FileMaker's continued improvement in the security realm is alway a welcome change. I know this developer will be pushing more clients to use FileMaker 16's new security features, including native data encryption, extended privileges, and third party OAuth authentication.
Did you know we are an authorized reseller for FileMaker Licensing?
Contact us to discuss upgrading your FileMaker software.
Michael is a FileMaker Certified Developer who joins DB Services with nearly a decade of experience as an Information Technology Manager in the printing industry. Originally from San Diego, he moved to Iowa during his teens and earned his Bachelor's Degree in Management Information Systems from Iowa State University.