Beverly Voth, FileMaker Pro 6 Developer’s Guide to XML/XSL, 2003
Introduction:
In our ongoing exploration of FileMaker security, we’re stepping back to 2003 with insights from FileMaker Pro 6 Developer’s Guide to XML/XSL by Beverly Voth. This era marks a crucial stage in FileMaker’s security history—one where web-based database publishing was becoming more common, yet the security features we rely on today were still in their infancy.
The chapter “Security on the Web” from Voth’s guide highlights the Web Companion feature, which allowed databases to be shared over the web using FileMaker’s built-in web publishing tools. While the methods discussed here have long been replaced by more advanced security techniques, this content provides an important perspective on the challenges and solutions developers faced at the time.
Security Overview in 2003:
Voth’s guide introduces several key concepts for securing web-published databases in FileMaker Pro 6, including:
- Web Companion Configuration: The central tool for controlling security settings when using FileMaker’s web publishing features. Through the Web Security Database, developers could set password access, field-level and record-level security, and control which scripts were allowed to run.
- Security Blankets: The concept of security “blankets” discussed by Voth refers to methods that provided a feeling of security for the end user, such as hiding HTTP requests or using frames to obscure data. These techniques are described as useful, but ultimately not truly secure in protecting sensitive data.
- Use of Passwords: Passwords were the primary means of controlling access, but passwords were not case-sensitive and had limited length (31 characters). FileMaker Pro 6 introduced record-level access, allowing for more granular control of who could view, edit, or delete records.
Why This Matters Today:
Though many of these methods are outdated, reviewing them gives us a better understanding of the security landscape of the time. In the early 2000s, when FileMaker was a powerful yet more simplified tool, developers had fewer built-in security options and often had to rely on workarounds and additional configurations, such as setting up firewalls and utilizing encryption plugins.
Voth’s guide is a window into how FileMaker’s web-publishing capabilities had advanced, but also highlights the growing need for robust security practices, especially as FileMaker became more prevalent on the web.
Security Practices in 2003 vs. Today:
- Web Companion: While Web Companion provided the foundation for early web-published databases, today we rely on FileMaker Server and more modern web frameworks, offering encryption, SSL certificates, and built-in privilege sets.
- Passwords and Record-Level Access: Passwords are now much stronger, supporting more characters and case sensitivity. In 2003, record-level access was a relatively new feature, but today it’s one of the most critical aspects of securing data in FileMaker, giving developers much finer control over who can view or edit sensitive information.
- Security Blankets: While security blankets provided a sense of protection, modern best practices focus on actual data security—encrypting data both in transit and at rest, as well as ensuring access to data is tightly controlled and monitored.
