4

I am currently working with FileMaker and their PHP API, and I have to search, insert and update database entries from a website.

I just have a quick question really. Is there any specific security issues I should be concerned about whilst working with the FileMaker Database as I don't believe it uses SQL as a backend language so there would be no SQL Injections and things like that.

Obviously I sanitize all data for HTML and any arbitrary code, but is there anything I should be weary of for things like SQL injections but for FileMaker?

All answers would be welcome.

DarkMantis
  • 1,510
  • 5
  • 19
  • 40

1 Answers1

6

FileMaker PHP API uses FileMaker Server's XML backend, which only accepts GET and POST requests in known format. I don't think there's a way to send something malicious.

There could be a way to bypass your PHP layer and access the XML backend directly. If this is a problem, it should be solved on both PHP and FileMaker levels. E.g. one way is to create a special account for web access and only give the password to the PHP app. (This implies you don't need personalized web access or have a special scenario for it.) If this doesn't work, there's a number of other options: one can restrict access to layouts and fields, mark layouts as read-only, or use FileMaker scripts to do custom checking and completely hide what is going on.

Mikhail Edoshin
  • 2,639
  • 16
  • 25
  • Great answer, thanks for the information. I just wanted to know if there was anything like SQL injections and what not, I did have the idea of creating a new user, etc. So yeah, great answer, thanks again! – DarkMantis Oct 10 '11 at 09:51