Security Enhancements in FileMaker 18

Subscribe to Our Blog

Thanks to the new security enhancements in FileMaker 18 Advanced, you will be able to make your solutions more secure than ever by using features to limit access to a solution, authenticate its users, encrypt the data, and enhance the solution’s overall functionality.



Manage Security dialog box in FileMaker 18

A very noticeable change in managing security in FileMaker Pro 18 versus using FileMaker Pro 17 would be the new Manage Security dialog box, pictured below.

Most likely, the first thing you’ll notice will be the simplistic look and the lack of some familiar components from the old Manage Security dialog box. Fret not, this new dialog box will still allow you to manage accounts, privilege sets, extended privileges as well as file access.

Authenticating users in FileMaker 18

The main Manage Security dialog box displays a list of all the system’s accounts. This list is filtered, by default, by accounts authenticated via FileMaker File or External Server. This is shown above the list and can be changed to filter by one of the OAuth providers (Amazon, Google, or Microsoft Azure AD). From this list, a user with a [Full Access] privilege set is able to work with an account list filtered by priority, active/inactive, type, name or privilege set. Simple changes, such as changing the active status or assigning a privilege set, can be done directly inside the list. The new Manage Security dialog box allows you to see whether the selected authentication type is supported on the file’s current host.

Selecting an item on the list of accounts will display a new menu on the right side of the screen that allows you to manage more details pertaining to the selected account. This menu will allow you to change options like account name and password, require a password change upon next sign in, change a privilege set assignment, open the edit privilege set window or edit the account’s description.

At the bottom left corner of the accounts list, you will find the buttons to create a new account, duplicate the access to a file to another user or group or delete the account. An admin is able to create and modify account access in a shared file, even while clients are using it. The changes made will take effect immediately but do not disrupt any current clients. For example, if you made an account access entry inactive while clients are using it, their usage of the file would not be disrupted, but, once they close the file, they would not be able to reopen. Just as it was in FileMaker Pro Advanced 17, you can grant account access to as many users or groups as needed, and each file will contain two predefined accounts, Admin
and Guest.

To create a new account, click the New button with the plus sign. It will create a new account with a default name, privilege set and other data for you to modify to your liking. FileMaker clients support multiple types of accounts, and they differ in their authentication processes. The FileMaker file account is the only type of account that defines the account name and password within FileMaker Pro Advanced. All other types use an external identity provider or authentication server to define the account info.

The following table summarizes which FileMaker hosts support each account type, where the account info is defined, and whether or not individual accounts are supported.

Two key things to
remember:

  1. Only the FileMaker File account type can be used to open a local file.
  2. Microsoft Azure AD is the only supported OAuth identity provided that supports groups.

Creating and managing access and privileges in FileMaker 18

The components that were available at the top of the window in a tab control in FileMaker Pro Advanced 17, can now be found by clicking Advanced Settings, shown on the bottom left of the window in the new dialog box. This will open up a new window where you can manage privilege sets, extended privileges and file access.

Privilege sets in FileMaker 18

To create a new privilege set, enter the Privilege Sets tab of the Advanced Security Settings window and click the blue New button at the bottom left. To edit an existing privilege set, select the privilege set from the list, and once it is highlighted, click edit. Changes made to a privilege set will update all account access entries in that system that are using that privilege set. Below is a picture of the Edit Privilege Set dialog window, where you will see the available capabilities. Under Data Access and Design, you can see the defined privileges broken up into Records, Layouts, Value Lists and Scripts. At the bottom of each of those categories, you will be able to select “Custom Privileges…”, which will allow you to restrict access to individual tables, layouts, value lists and scripts.

Extended privileges in FileMaker 18

Extended privileges determine the data sharing options that are permitted by a privilege set for a file. In previous versions of FileMaker Pro Advanced, only accounts with a [Full Access] privilege set could manage accounts. In FileMaker Pro 18 Advanced, you can grant accounts with privilege sets other than [Full Access] to manage extended privilege sets, but it is required that the file is opened with an account that is assigned the extended privilege: Manage extended privileges. You will now be able to grant users the ability to create and delete access to a file and even assign existing privilege sets without allowing them to modify groups or users that have the [Full Access] privilege set or create or edit privilege sets.

To create an extended privilege, open the Extended Privileges tab of the Advanced Security Settings dialog box. Click New, at the bottom left, and you will see the following window:

The field for description is optional, but a keyword to your desired Extended Privilege is required. Select a Privilege Set or multiple sets, inside the access box, to add that privilege to the set(s). It is important to note that all extended privileges (except fmreauthenticate10) are disabled by default, even in the [Full Access] privilege set.

File access in FileMaker 18

The last tab in the Advanced Security Settings dialog box is the File Access tab. This tab allows you to control whether other FileMaker Pro Advanced files are permitted to access the database schema in a file (layouts, tables, scripts, value lists). When protection is enabled, any use of the protected file will require authentication. So, in multifile solutions, you will need to authorize all of the files. Turning on protection is important because it prevents users from having the ability to create another file that uses tables of the original file but does not implement the same logic. This alternative file could bypass your logic, even though record level access would still be enforced. Along with that, turning on protection also prevents files that are not authorized from opening a protected file using the Open File script step. It is important to recognize that protecting a file and authorizing other files to access it is different from protecting a file’s record data.

            To protect the file against unwanted access from other files, select Require full access privileges to use references to this file. If any files that reference the protected file are currently open, you will see an alert for each file, asking if you want to authorize the file. To remove authorization for a file, select the file for which you want to remove authorization, then click Deauthorize.

Unsigned plugins in FileMaker 18

Another security feature that comes new with the arrival of FileMaker Pro 18 Advanced is the unsigned plug-in notification. This means FileMaker Pro Advanced will notify you when a plug-in has not been digitally signed by its developer. If a plug-in is enabled, FileMaker will attempt to load it at two times, directly after when it’s installed, as well as whenever FileMaker Pro 18 Advanced starts. If the enabled plug-in is missing the digital signature of the developer, FileMaker will notify you, warning you that the plug-in has been modified since the developer created it. Once you see this notification you will have three choices:

  1. Ignore the warnings, and select Always load this plug-in. If you select this option FileMaker will load the plug-in, then add it to the list of permitted plug-ins. Once this is done, you will not
    receive any more notifications about the missing digital signature.
  2. If you would like to load the plug in, but not put it on the enabled plug-ins list, select Load Plug-in. Since the plug-in will not make it to the permitted plug-in list, you will continue to receive notifications about the missing signature.

If you are unsure why the plug-in is missing a signature, click Cancel and either search for a version of the plug-in that includes the signature, or contact the developer.

Noteworthy changes in FileMaker 18

Another FileMaker Pro
18 Advanced changed to keep in mind during development is the option to require
the Full Access privilege set to use references to a file is now enabled by
default on all new files. The option is unchanged in existing files.

Lastly, there is a set of new functions that will change the way developers can implement security practices. These functions are for digitally signing data and will allow you to digitally sign data and verify signatures of signed data with cryptographic keys. There are two functions that serve this purpose, CryptGenerateSignature, and CryptVerifySignature, these will be covered in a future blog covering all the new functions in FileMaker Pro 18 Advanced.

With these new tools,
and the tools carried over from previous versions, developers should feel confident in their ability to protect their custom applications.