Hosting your files in the cloud offers many advantages, but it involves a minimum of security measures.
The following is not an exhaustive list of security measures you can take to keep your application secure. It is a set of measures to take before uploading a file to your fmcloud.fm server.
Other security measures such as encryption, OAuth authentication... are not mandatory to switch to fmcloud.fm. However, they are all supported by our service.
The security dialog (File/Manage/Security)
- [MANDATORY] disable [Guest] access.
- [MANDATORY] make sure that all accounts with [Full Access] are password-protected (below FileMaker displays an account with Full Access that is not password-protected in red)
- [RECOMMENDED] Protect all accounts with password protection (accounts with other privilege than [Full Access] not protected by password will not be displayed in red. Select an account to see on the right whether it is password protected or not.
- MANDATORY] In Extended privileges, make sure that fmapp is enabled for Full Access privilege set, or you won’t be able to modify the file remotely. If you uploaded a file without fmapp extended privilege set, you will have to remove it from the admin console before you can upload a new one.
- [RECOMMENDED] in privilege sets where users are allowed to change their passwords, ensure that the minimum length of passwords is sufficient (at least 8 characters)
- [MANDATORY] in the last tab of the advanced settings, please check the box. Files created with FileMaker 18 and later are configured this way by default.
In the file options (File/File options)
- [RECOMMENDED] disable default account ('Login using')
- [MANDATORY] if you absoutely need to define a default account, this account cannot have the [Full Access] privilege.