I hesitate even to bring this up, because this is Dangerous Knowledge.
When you create a new FileMaker database, FileMaker gives you a default login account, with a default name and password. I wish it didn't, and in my opinion it shouldn't. But it does.
So here's what you need to know: Never, ever leave that default account enabled.
When would this matter?
If the database is stored on your computer and never shared with anybody, keeping the default account enabled means anybody who can get into your computer can open the database — as developer. Now, this isn't really as big a deal as you might think, because they could do this even if you didn't use the FileMaker default login account. (Hint: Password crackers.) That's one more reason why you need to be careful about the security of your computer.
But God forbid the database is hosted on a server that is configured for remote access! In that case, physical access to the server is irrelevant. Any Internet troll who knows or can guess the server's address can get into your database — as developer. What do I mean by "server configured for remote access"? I mean a server machine that sits in your office but which has been configured so you can get to it from outside the LAN. And yes, I mean every single one of those commercial services out there that host FileMaker databases.
When you create a new database, the very first thing you should do is delete the default account and replace it with your own. And of course, immediately store that info in 1Password!