Encrypting FileMaker Data

Encrypting the data stream and user accounts

FileMaker data hosted on a server and accessed by clients can be encrypted in transit with SSL by checking a box on the Security tab of the FileMaker Server Admin Console. With encryption so easily accomplished, there is no reason not to encrypt your data stream.

Enable SSL between FM clients and FM Server

  1. Launch the FileMaker Server Admin Console.
  2. Go to Database Server > Security.
  3. Check the box for Require secure connections.
  4. Click Save.

Note: You must restart FileMaker Server for this change in setting to take effect.

Encryption technology

FileMaker authentication occurs at the server level. Hashes of the passwords, not the passwords themselves, are stored. FileMaker uses TripleDES encryption with the addition of HMACSHA-1 for integrity checking.

Important: No password protection measure is 100% safe against unauthorized access if a database system is not also secured by other means. Without also ensuring the physical security of the database system and server, encryption is a limited tool.

FileMaker uses a compressed Unicode text format that makes the data stream more difficult to read in a text editor, thus further reducing the risk of compromise by network sniffing.

Additional Encryption Considerations:

  • By default, FileMaker comes with only 1024-bit certificates, which are used to encrypt the data that passes between server and clients. At MIT we recommend the use of 2048-bit certificates. See FileMaker Server Certificates for more information about using 2048-bit signed certificates on FileMaker Server.
  • Progressive download of container data cannot be encrypted. To encrypt interactive data, the entire contents of the container field must be downloaded before the user can interact with that data. See Interactive Field Security.
  • With version 13, web services are enabled by default and cannot be disabled. Unless you are using your server as a dedicated web publishing server, do not enable web publishing.
  • With version 13, the connection between the FileMaker Server engine and FileMaker Web Services is now encrypted by default.
  • Enabling SSL on FM Server does not impact ODBC connections; the ODBC client or driver must provide the encryption layer. NOTE: The Oracle drivers used for accessing the Data Warehouse at MIT through FileMaker's ESS connections are encrypted.
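
To confirm whether a certificate meets the 2048-bit recommendation in the first item above, the key size can be read with openssl. The script below is an added example, not FileMaker or MIT code; the function names, `MIN_BITS`, and the sample CN are assumptions, and the certificate file to check is supplied by you on the command line.

```shell
#!/bin/sh
# Added example (not FileMaker or MIT code): flag certificates whose RSA key
# is smaller than the 2048 bits recommended above.
MIN_BITS=2048

# Print "<algorithm> <bits>" for the PEM certificate in file $1, for example
# "rsaEncryption 1024". Prints nothing if openssl cannot parse the file.
cert_key_info() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | awk '
        /Public Key Algorithm:/ { alg = $NF }
        /Public-Key: \(/ { gsub(/[^0-9]/, ""); print alg, $0; exit }'
}

# Classify the certificate in file $1.
# Prints one line and returns 0 (OK), 1 (WEAK) or 2 (UNKNOWN).
check_cert() {
    info=$(cert_key_info "$1")
    alg=${info% *}
    bits=${info#* }
    if [ "$alg" != "rsaEncryption" ] || [ -z "$bits" ]; then
        echo "UNKNOWN $1 (no RSA key found)"
        return 2
    elif [ "$bits" -lt "$MIN_BITS" ]; then
        echo "WEAK $1 ($bits-bit RSA, want at least $MIN_BITS)"
        return 1
    fi
    echo "OK $1 ($bits-bit RSA)"
}

# Constructed sample input: write a throwaway self-signed certificate with an
# RSA key of $1 bits to file $2. The CN is a placeholder, not a real host.
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -keyout /dev/null \
        -out "$2" -days 1 -subj "/CN=fms.example.invalid" 2>/dev/null
}

# Check each PEM file named on the command line.
for f in "$@"; do
    check_cert "$f" || true
done
```

Certificates with non-RSA keys are reported as UNKNOWN rather than compared against the RSA bit threshold, because key sizes are not comparable across algorithms.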

Encryption at Rest

FileMaker 13 introduced a new Encryption At Rest (EAR) security feature. There may be circumstances involving protection of data of known or unknown sensitivity, stored locally in active or inactive files or in archival systems, where EAR could be an appropriate measure of added protection against possible data breaches. If you are aware that files like this may be stored on your computer, or on other computers for which you have some responsibility, the first step is to consult the IS&T Security Team about appropriate steps for securing all FileMaker data. We do not recommend using EAR without first consulting the Security Team at MIT.

MIT provides no password recovery support for users of EAR!

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified: April 26, 2016
