Since version 14, FileMaker’s HTTP and HTTPS ports have been configurable, but still default to ports 80 and 443, respectively.

- WebDirect or CWP (Custom Web Publishing).
- FileMaker Server’s Admin Console (when using port 16000).
- FileMaker Pro’s Upload to FileMaker Server (uses http/https).
- FileMaker Pro & Go client connections (port 5003).
- External container data (uses http/https).

All of the various methods of accessing a FileMaker system can be made to use SSL connections. Here we start to get a bit more specific to FileMaker.

Since version 14, the FileMaker Admin Console will block access from a given IP address for 15 minutes after 5 repeated failures. Besides using strong passwords for all access, you may want to consider using external authentication or fail2ban to help block these attempts. It does not protect you from dictionary attacks. Various forms of this attack are frequently used, probably because they are frequently effective and easy to implement.

Features in the latest revision of SSL (aka “TLS”), such as session reconnects, will also help reduce any overhead. But I suspect this is now much reduced as algorithms have improved and most CPUs have started to include instructions to help optimize encryption speeds. In the past, I’ve heard this stated as being as high as 10% added overhead, especially for the initial connection setup. There is a performance penalty for encryption and decryption of data.

However, it can indirectly protect data at rest by making it harder to exploit a network connection to gain file system access or sniff passwords. In other words, any database files, scripts, or other documents available via the file system will not be protected by SSL. SSL connections will not help with EAR (Encryption At Rest) requirements.

Acquiring this can present some initial logistical challenges, and require administrative overhead, as well as yearly fees for renewal. You will need to use a signed SSL certificate.

Although there is some small benefit with using FileMaker’s self-signed certificate, in order to fully realize the benefits mentioned above, a custom certificate signed by a certificate authority is needed (we’ll delve into certificate types in Part II). In Part II, we’ll discuss a few additional benefits specific to FileMaker.

So for this script, adding an “s” was all it took to improve its security. This would pass over your network without any encryption, and could be a great use case for SSL, since both the data and credentials are passed unencrypted. To fix this, we could change the code as follows (assuming port 443 is being used for https connections):

```
curl -u "myuser:secretpassword" ""
```

But consider the following XML query:

```
curl -u "myuser:secretpassword" ""
```

For FileMaker Pro & Go connections, even when not using SSL, credentials are encrypted and data will have some minimal encryption. If any of the above are true, then it’s quite likely that the same actors involved will also attempt to discover your passwords or any other confidential content passing over your network.