Steven H. Blackwell

A Serious Conversation About FileMaker Platform Security

FileMaker Platform solutions and deployments are susceptible to any of six major attacks against their Confidentiality, Integrity, Availability, or Resilience. These attacks target one or more of seven vulnerabilities in the products. The developer community is at the front-line of defense against these attacks.

Just as many developers and FileMaker Platform end-users come to appreciate the importance of back-ups only after some damaging incident happens, so too many FileMaker developer apply the lessons of good security management only after a breach of their or their clients’ systems.

The traditional Information Security Threat and Risk Matrix model deals with Threats, Threat Agents, Risks, Vulnerabilities, Breaches, deleterious Impacts, and Remediation. Most FileMaker developers understand these concepts once they are presented to them. But many do not then see how these concepts apply specifically to their own circumstances in the FileMaker Platform environment. For example, the default-installed FileMaker Server Sample file presents a serious attack vector against both the server itself and the hosted files as well.

We need to have a serious conversation about this topic. There will be no slides and likely no demo files either. However, most developers do have some knowledge and experience they can contribute to this discussion. Advance suggestions are welcome as well.


Thanks to all who attended and contributed to this session. Here are links to two items I referenced:

Subject Author Replies Views Last Message
No Comments