 Hello, everyone, and thanks for joining us today. My name is Ryan Minook. I'm a Solutions Consultant here at FondMaker, and I'm really excited to be your host for today's FondMaker Security Web Seminar. Joining me today is Rosemary Teejee, a Consulting Engineer at FondMaker, who'll present best practices and tips about FondMaker Security. But before we get started, let's cover a few brief housekeeping notes. For the best experience, it is strongly recommended that you participate in this Web Seminar with at least a broadband connection. If you have any problems or require online assistance at any time, please contact Citrix Technical Support at 888-259-8414. Now, throughout today's presentation, you will have the opportunity to type in and ask questions. So let's talk briefly about how to do that. Go to the Control Panel, click on the Question section, enter your question, and click Send. And we'll try to cover as many questions as time allows at the end of our presentation. The two final items before we begin. FondMaker has recently released the FondMaker Training Series Basics Guide, which is a great follow-up resource to our topic today, as it details the mechanics of setting up security within your database files. And you can download it for free on FondMaker's website, or you can get it as a free download on iBooks. You also want to download a copy of the FondMaker Security Guide available for free to members of FondMaker's TechNet program. Now, if you don't have a TechNet account, you can sign up at no cost on FondMaker's website or access TechNet directly by going to the URL listed on your screen. And while the FondMaker Training Series Basics Guide covers security within your database file, this security guide details how to secure your solution across the FondMaker platform. It's now my pleasure to hand over the presentation to Rosemary. Thank you, Ryan. And welcome again, everybody. And thank you for coming to our security webinar today. So my agenda for today is to talk, first of all, about kind of the broad security environment and talk a little bit about why security matters, and then dive into some key security concepts that are important for FileMaker and any other computer system security you may be thinking about. And I'll do a deep dive on how to secure a FileMaker Pro solution, and then wrap up by showing how FileMaker Server can be part of the broader environment in the FileMaker platform to help you improve the security of your solutions even more. First, let's talk about why security matters. So I have some numbers, 740, 89, and 76. And these are kind of big numbers. They're a little scary. And let me go into a little more detail on these. A recent study found that there were 740 million data records compromised last year. 89% of those breaches were fully preventable. And 76% of those were caused by weak or compromised passwords. And that's from the Data Protection and Breach Readiness Guide published by the Online Trust Alliance. And you can download the full report from the Online Trust Alliance's website. And it's kind of shocking and frightening reading. In addition, why we talk about security with our customers is because many work in regulated environments of some sort. There's an alphabet soup of acronyms that our customers ask us about very frequently. And if your system contains medical records that are governed by the Health Insurance Portability and Accountability Act, or HIPAA, or student data, which is governed by the Family Educational Rights and Privacy Act, or FERPA, you are probably already aware of the compliance requirements and what you need to do in your FileMaker systems to build those systems as a compliance system. But if your systems contain more general PII or personally identifying information, or PCI, payment card information, you're at risk if you do not follow the requirements and best practices for handling that type of data. And that data is generally governed by industry regulations like PCI. And specifically in the case of PCI, if you suffer a breach because you're out of compliance, you may lose the ability to accept credit cards, face hefty fines, and be liable for your customer's losses. So it's very important if you're handling any type of customer data, specifically anything that is regulated or extrasensitive, that you comply with the best practices and any regulations in your industry. Next, let's move on to some key security concepts. The first broad concept is building a system where the right people have the right access to do their jobs and no more. And around that, there are two key concepts called identity and access management. In the FileMaker world, identity is the accounts and passwords that we set up in a FileMaker database. And they define who has access to a solution. And just a key point about FileMaker passwords is that we cannot recover them for you if you forget them or lose them. Those passwords are stored as a one-way hash, or they are encrypted and stored as part of your database file, and then they're never, ever decrypted. When a user goes to log into a FileMaker database, the password that they enter at the dialogue is also hashed, and then the two hashes are compared. So the passwords are encrypted, as I said, and never again decrypted. And access management in FileMaker is the privilege sets that we set up in our databases. And those define, at a very granular level, what a user can see and do in the database. And the third FileMaker concept is the concept of the extended privileges. And those delineate or describe the methods by which a user can access data in the database. Second key concept or group of concepts is the concept that unauthorized people have no access at all to solutions. And there's some things you can do to limit that unauthorized access to your FileMaker solutions. As I said earlier, most attacks result from compromised or stolen credentials. In fact, the attackers in last year's target breach use stolen credentials from one of Target's third-party vendors in a small region of the country to access their entire payment system. So very important to educate yourself and your users to use strong passwords and change them regularly. A strong password is at least a character's long and uses a mix of uppercase and lowercase letters, numbers, and symbols. And then don't use your password from any different systems and don't reuse passwords. And finally, don't write down your credentials on post-it notes and then stick that post-it on your monitor or under your keyboard or in your pencil drawer. A lot of security breaches also come through some form of social engineering. And someone just breaking into your office building and walking around can probably very quickly gain access to pretty sensitive systems simply by finding those post-its with passwords written on them. The next thing you can do to limit unauthorized people from accessing your data is to encrypt your data, both when it travels over the wire using SSL encryption, which is encryption between FileMaker Server and the clients that are accessing FileMaker Server, and also by using encryption at rest or taking your whole database file and encrypting it with AES 256-bit encryption. And once you turn on that encryption at rest, the database is encrypted wherever it is. If it's on disk, if it's on an iPad, if it's on a thumb drive, or if it's on a backup tape, and that will limit the risk of someone stealing a laptop or stealing a backup tape and then getting access to your sensitive data. And finally, just want to remind you that physical security is as important as digital security. You want to maintain control over things like laptops and iPads and use things like mobile device management and the iOS data protection by turning on a passcode on iOS devices to limit the risk of risk from those things being stolen. It's also really important to put your server in a locked room and limit access to that room. And finally, maintain control over things like backup media and thumb drives so that if those fall into the wrong hands or to limit the risk of those falling into the wrong hands. So now to take stock, we've talked a little bit about why security matters and some key concepts. So now I'm going to demonstrate and discuss how to secure your FileMaker solutions. There's really four things to think about when you secure a specific FileMaker database or group of databases. You want to turn off the auto login in FileMaker. You want to change that full access or admin account name and password. Then you'll add privileged sets and additional accounts for all the different users who will be using your system. And finally, you want to take the steps to ensure the integrity and security of the database file or files themselves. So first, we'll turn off auto login. And as you may know, as you've probably noticed when you create a brand new FileMaker database either from scratch or by using a starter solution, FileMaker automatically creates a full access account and then sets up the database to auto login so that you don't have to enter any credentials when you launch that database. So to turn off auto login, you're going to go to the file options and then just uncheck that checkbox that says login using a specific account and password. Takes about five seconds and then whenever someone opens that database they will be prompted for credentials. The next thing you want to do is secure that full access account. Secure the admin account because anyone who's used FileMaker and created databases probably knows that the default account is admin with no password. So even if you've turned on requiring a login they are going to first guess, well maybe something simple like admin for the account name and password for the password. And the more you can do to obscure those two things the better your security will be. You know so again to do that you're going to go into manage security and then double click the admin account to bring up the edit box for it and then simply add a password or to be better you want to change that account name away from admin to something else. So let's go into FileMaker and do those two things with an example database. So for this example database I'm using the equipment rental solution that you would build if you work through all the exercises in the FileMaker training series basics. So here we are, this is a solution for equipment rentals we have customers and then we have the assets that those customers rent in this database. So to start off I'm going to go into file options and uncheck login using. So now if someone tries to open this database they will be immediately prompted for credentials. Next thing I'm going to do is manage security and secure the admin account. I'm going to edit that account, change the name to be Rosemary and put in a password. Now whenever anyone tries to use this database they need to put in those full access credentials for now because that's the only account in the database. So if I close and then reopen this database I'm prompted for a password and there I am now I'm logged into that database. So now that we've secured the file a little bit let's talk about privilege sets. So privilege sets are the control how a user what a user can do once they're authenticated and have access to the database. So to edit them it's again manage security and then you click on the privilege sets tab and if you're creating or editing a privilege set there's several areas of the edit privilege set dialogue. The first is a name. In general the name is going to be a group of users. You know in our example we have two groups of users that will be using this system. One is technicians and the other is sales people. Our requirements state that technicians can edit asset data but only view customer data. They can't delete records in either table and they don't have any design capabilities in the database. And our sales team can view and edit some customer data. They can see all customers but they can only edit those customers that they are the salesperson for. So those records that they own in some concept. And for assets they can see all the assets but they cannot edit or delete assets. So to set up those privilege privileges you start in the data access and design category. And for records you probably are gonna set custom privileges so that you have control at the table record in field level of who can do what in the database. This is also where you set up the broad access to layouts and value lists and scripts. The next area is the other privileges and here this is things like printing and exporting of data. Printing also includes the Save as PDF function and exporting includes Save as Excel, copying all records to the clipboard, using this file as an import source for another database and several other functions. Other things that are important to note in the other privileges area is the checkbox to disconnect users from server when idle and allowing users to modify their password. And then you can use this privilege set dialogue to set a few simple password requirements like a change frequency and a minimum length. The last area of the edit privilege set dialogue is the extended privileges. And as I said earlier, extended privileges determine data access methods. Can this group of users access the database via the file maker network? So from FileMaker Pro and FileMaker Go. Can they access via FileMaker WebDirect? And finally that require reauthentication after the specified minutes extended privilege refers to getting back into a FileMaker database after hibernation when the database is being opened using FileMaker Go. And what you can do is set a specific timeout for how long that database is hibernated and if the hibernation is longer than that timeout, the user is then required to reauthenticate. So if you have a 10 minute timeout and you're logged in on your iPhone and you take a 15 minute phone call, when you come back into FileMaker, you'll have to reenter your credentials. If it's only five minutes, you will not have to reenter those credentials. You can also use custom extended privileges to enforce additional business rules in your system and simplify your scripting. Some examples are setting an extended privilege to allow users to run reports or not at certain times of the month or quarter or you can use them to delegate approval authority if certain users are on vacation. So once you've got all your privilege sets to find in your database, the next thing you'll do is add accounts for every single user. You don't wanna set up a single group account with a single password for a group of users. Instead, you want to set up an individual account for each user and then assign each user to a privilege set. So let's go do those two things. Again, I'm gonna go into File, Manage Security and switch to the privilege set tab. You'll notice here there are three privilege sets already defined by default in FileMaker, Full Access, DataEntryOnly and ReadOnlyAccess. If I try to edit one of these by double clicking it, you'll see that everything is grayed out. I cannot edit the default privilege sets. If you want to use this privilege set as a starting point for a new privilege set, you can duplicate it and edit from there. But in this case, I'm gonna create a new privilege set. You'll notice on my new privilege set that everything is disabled. FileMaker uses the rule of least privilege, which requires you to explicitly grant access to everything in the database. So for our technicians privilege set, I'm gonna go back to our rules. So I'm gonna set up custom privileges for the records because I don't want them to create and edit in all tables. I don't even want them to create and edit in all tables. I do need them to be able to edit in some tables. So under custom privileges, first for the customers, yes, they can view all records, but they cannot edit, create or delete, and they have access to all fields. For assets, these technicians can view and edit records, not create, not delete, and again, have access to all fields. And then I'm gonna leave any new table set to no and none. And that's simply because when I add a new table to the database, once it's all ready to go, I'll need to come back in and explicitly, again, grant access to users to that new table. And one other thing here, I do have this option under fields and all these other pop-ups to choose limited. And what limited does is lets me set a calculation. So for example, in our sales person example, we could set a custom calculation that says for customers, users can edit when the account name or the logged in user matches the owner of that customer record. Once I've got that set, I'm gonna allow all layouts and value lists to be view only and scripts to be executable but not modifiable. Now I'm gonna allow these users to print and export, disconnect them when idle and allow them to modify their own password and set in some best practice password requirements, all menu commands. And finally, give them access via the FileMaker network and FileMaker web direct. So now the technicians privilege set is ready to go and I'm ready to go in and create an account. So Ryan is one of my technicians, so I'm gonna create an account for him. I'm going to give him a password and I'm gonna require him to change that password when he first logs in and then set him up with the technician's access. Now that this is set up, again, because I've modified my security, I need to confirm that I know the full access credentials. And now I'm gonna close the database and log back in using that new account I just created for Ryan and his new password. And you'll notice, again, I have to change his password right away, create a new password and say, okay, and now I'm logged in. And if I wanna go in and say, oh, I wanna add a website for this customer, I can't because my access privileges do not allow me to edit records. But if I go over to Asset Details and scroll down and try to put in a note, like I can edit this record. So again, you want to set up accounts and privilege sets, privilege sets for every group of users or every security level, like managers, executives, and staff, and then set up accounts for every individual who will be using your database. So the next thing you can do, if you have hundreds or even a few dozen users, setting up individual accounts can be a real pain and managing those. So another option you have is to have FileMaker participate in an external authentication or your existing Active Directory or Open Directory scheme. And to do that, you tell FileMaker to create a group account that is authenticated via an external server and then match it up to a privilege set. So generally you'll have one group per privilege set. And then when a user logs in, they'll log in using their domain, their Active or Open Directory credentials. And they'll be granted access at the privilege set level. So a couple of things about external authentication. First, it requires that the database be hosted on FileMaker server. But it has some big advantages. It allows you to leverage your existing security infrastructure and let the identity experts, those people who manage your Active or Open Directory server, do what they do well, which is manage identity and passwords. It means you don't have to manage those individual accounts in FileMaker. And it also gives users single sign-on in a Windows environment. Once a user signs into their workstation with their credentials, FileMaker will pick up their authentication token and pass it on to the domain server and get back that, yes, you have access to this file or you do not. And one other thing is it means that your users only need to remember one set of credentials, one username and password. Or you can use stronger passwords because you can set more precise or more complex password rules in a domain account. You can use higher security like two factor authentication. You know, and finally, it's a good way to minimize risk from a disgruntled or laid off or dangerous employee. Because as soon as that domain account is disabled, that user will lose access to FileMaker systems in addition to all the other things that are granted through Active Directory. So let me just show you the differences in how to set up an external account. Again, manage security, oops, except I'm still logged in as my limited privilege user. So let me re-log in with full access and go to manage security. I'm gonna again create a new account and here instead of authenticating via FileMaker, it will be authenticated via the external server and I'll call this FileMaker Technicians and again, match it up to my technicians privilege set. So now anybody in Active Directory who is in the group FM underscore technicians will have access to the equipment rental system. And again, I need to confirm my own credentials to be able to do that or confirm the full access credentials. So we've now secured our database, we've set up some privilege sets. So the last thing we wanna do is ensure the integrity and security of our database file itself. And there are two things to do here. One is turn on file access control. And what this does is it limits the ability of someone using FileMaker, creating a new database and connecting up to your now secured FileMaker database to add the tables from your file to the schema in their own file. And so to do that, it's also in managed security on the file access tab. So let's go ahead and do that. So again, manage security and then the file access tab. So all I'm gonna do is say, if you want to link to this file, you need to have full access privileges. The other thing I'm going to do is I've got a second file in my FileMaker system that's used for reporting. So I'm going to explicitly give my reports file access to this database. And again, to do that, I need to log into that file, which as you've noticed, I haven't secured, but now that reports file is authorized. And what FileMaker has done is it's added a key to each file to say, okay, you file, you reports file are authorized to access data from Equipments Rentals. And now anytime I make copies of these files and move them around as a set, they'll, the copies will also be authorized. And this is a good thing if you think about it, because if you end up restoring from a backup, you want those backups to still be authorized. And if at any time you want to deauthorize, you can just click deauthorize and that will pull that key out of the, the second file and it will no longer be allowed to connect to the Equipment Rentals file. And again, I need to enter my full access credentials to be able to make a change and manage security. So the last piece of ensuring your database security is turning on encryption at rest. And this is new in FileMaker 13 and it does require FileMaker Pro Advanced to enable. And so what encryption at rest does is it protects your data when an unauthorized person gains physical access to your FileMaker file. You've lost a thumb drive. Someone steals your laptop. A backup truck or a backup tape falls off a truck. In any of those cases, an unauthorized user could try to open and maybe gain access to data inside your database. If that data is encrypted, they won't be able to make any sense of the data inside your database. One key thing, when you encrypt a file, you set up an encryption password. If you lose that encryption password, you have lost all access to your database. There's no way to recover from losing that password. So it's very important that you do know what that password is and that's a password you might want to write down but then lock in a secure place. And so to enable encryption at rest, you're gonna use the tools menu in FileMaker Pro Advanced and go to developer utilities and then set up the solution and turn on enable encryption at rest. So let me show you how to do that now. So the first thing is when you're using the developer tools, the file needs to be closed. So I'm gonna close equipment rentals and bring up developer utilities and now I'm going to add equipment rentals to the group of files that I am encrypting. If I have many files in a solution, I can encrypt them all at once. I'm just gonna rename this to be encrypted files E so that I have that copy of the file and FileMaker will always make a copy of the file and then I'm gonna put it in my encrypted files folder. Now I'm gonna collect, I'm going to specify the options I want. In this case, I'm going to enable encryption. So the first thing you'll note is there's this shared ID. The default is a timestamp, you can leave it with that. And again, this is a shared ID if I have multiple files that I'm encrypting at the same time or I want to come back later and add a file to my encryption set. As long as all these files have the same shared ID, they will be able to be encrypted and decrypted together with the same password. Next thing I need to do is specify that I do in fact know the full access password for this file. And then the last thing is I need to put in an encryption password and you want this to be a very secure password. And you want it to be pretty much a random or close to random selection of letters and numbers and other symbols. So in this case, I'm gonna type something and you'll notice it's still weak as it gets longer it becomes moderately strong. And eventually it gets to the strong meter and I do have to type it twice and eventually they match. And then I'm gonna give myself a hint. This is a special day but I challenge anyone to guess what that special day is and what my full long password says. So once I've done all of that, the last choice I have is whether or not I want to keep open storage. By default if you encrypt a database, FileMaker will also encrypt any externally stored containers with the same 256 bit encryption. If for some reason you want to keep the access to those files open, you can check this box to keep open storage of your external containers. So once I've done all of that, I'm going to click create and FileMaker will make a copy and then encrypt my file and over here in my encrypted files folder, I have a log and my encrypted file. If I double click that, the first thing I have to do is enter the encryption password, which is that long thing I typed and then I open the database. Now that the database is open, I still need to authenticate as a authorized user and once I've done that, I can then open the file. So now that file will be encrypted wherever it is and if you do not know the encryption password, you will not be able to open it. One note there, if the file is hosted on FileMaker server, only the server administrator needs to enter the encryption key or the encryption password when they first open the file. After that, FileMaker server has the database open and users will be able to authenticate as normal to that database. So now that we've secured our FileMaker database, I just wanna add a few more additional tips. The first is test everything. As you set up access and set up your privilege sets, you'll wanna have a test account for every privilege set so that you can test your scripts and layouts to make sure that they behave the way you expect them to. There's some good notes on a testing protocol in the FileMaker security guide. If you have a multi-file solution and you're using internal to FileMaker accounts, you can use the account management script steps to ease account management. For example, when you add a new account to that system, you can use scripts to propagate that account from the main file to all the other files in the solution. Next, you can use things like object visibility and scripts and script triggers to improve the user experience around security. And scripting can help you do things like manage and access log or capture record change details for an audit log. And finally, I just want to drive home the point that security through obscurity isn't security. If you want to secure a FileMaker database, use the tools that are in FileMaker of privilege sets and accounts. Don't simply hide layouts and expect that users will not find them. I mean, using good, well-defined privilege sets and accounts will protect your data from both malicious and accidental loss through user error. So now we have fully secured our FileMaker Pro solution. And now we're gonna let's host it on FileMaker server to really improve the security and take advantage of all the other tools offered in the FileMaker platform. So why do we want to host on server? First, if you've set up your server properly and put it in a locked room, it gives you physical security. It means that someone's not gonna just walk off with the data-based file itself. FileMaker server helps you minimize risks by doing things like automatic backups. And finally, server is required for external authentication for encrypting the traffic over the wire between your host and your FileMaker clients through SSL. And finally, FileMaker server gives you a file access filter so that users only see the databases they have access to when they use open remote in FileMaker Pro. And finally, FileMaker server sits in the middle of the FileMaker platform's unified security environment. If you put your database server behind a firewall and your web server in the DMZ, the security between the two using SSL will protect any traffic from network sniffers and it will also protect your core database because only the web server is outside your firewall. In addition, any security between FileMaker server and FileMaker clients, the server and web components and the server and your directory servers applies to any database that's hosted on that FileMaker server. And security settings in each file apply regardless of what kind of client is accessing the databases. So WebDirect will take advantage of your external authentication if it's set up. So there's a few places in FileMaker server admin console where you want to go to secure things. So first of all, on the security tab, you'll want to do things like turn on external authentication and secure connections to your FileMaker server. And then on the clients tab, you want to set the idle timeout because setting the idle timeout will do things like protect you from the user who walks away from their computer and stays logged in so that another user or another person can't walk up to their computer and start accessing the database when their computer is idle. So here's a screenshot of those settings and now let me go in and demonstrate securing FileMaker server. So I'm going to switch to my web browser and bring up the admin console and start by going to the database server area and the security tab. So I've already got my server set up for FileMaker and external server accounts. Then I'm going to turn on the file display filter and finally I'm going to require secure connections to the server and still turn on progressive downloading so that users who are accessing movies or large PDFs can get them as chunks and don't have to wait for the full download to happen first. And then I'm going to save those changes. Next, I'll set the idle timeout by switching to the FileMaker clients tab and setting that maximum idle time to maybe 10 minutes so that if a user walks away and isn't actively using the database, they're going to be forcibly logged out of the database and required to log back in when they come back to their desk. Let me save that change as well. So now I've done some things to, again, secure my FileMaker environment on the server. And there are a few more things that you can do to go even further and the details on how to do all of these are in the FileMaker security guide. You should secure your SMTP warnings via SSL so that email sent via FileMaker server and warnings sent from FileMaker server are encrypted when you're connecting to the mail server. You can set up administrator groups so that individual DBAs don't have to have full access to everything on your FileMaker server. And finally, turn on email notifications for warnings and errors and monitor your access logs to see if users are trying and failing repeatedly to access your FileMaker systems. And finally, I'm just going to leave you with a thought that risk is what is left over after we think we have thought of everything. And what that's really saying is, think of as much as you can, but still take those steps in your FileMaker solutions and in all of your IT systems to minimize the risk so that you don't have to think of everything. And with that, I'm going to turn the session back over to Ryan for questions and answers. Thanks, Rosemary. Fantastic presentation. And thanks to everyone who is asking questions throughout the demo. We had a lot of participation right here. And we'll try to answer as many questions as we can. And we'll start with this one right now. Are the backups of encrypted databases encrypted as well? Yes, backups are also encrypted. So if you turn on that encryption at rest, wherever your file is, it will be encrypted including on backup tapes or other backup media. Excellent. So the next question, is there a way to set requirements for passwords? For example, you must contain an uppercase, lowercase, numbers, or special characters. FileMaker does not have any place where you can require password complexity. The only setting you have is in the defining of privilege sets, you can define a minimum length. If you need to enforce password complexity rules, you need to use external authentication because both Active Directory and Open Directory do give you the ability to require a degree of password complexity. Perfect. All right, the next question. Can you change your password using WebDirect? Can you change your password using WebDirect? I do not think that a WebDirect user can directly change their password as you can in FileMaker Pro with the change password menu command, but you could use the account management scripts to give a user a scripted ability to change their WebDirect password. Again, provided you're using FileMaker authenticated accounts. Excellent. Okay, so I think we'll do about two more questions here. When encrypting files, is every object in the database encrypted or is it just the data? When you encrypt a file, everything that's stored in the database is encrypted, and then the default behavior is to also encrypt those externally stored containers. So yes, everything is encrypted. Perfect. Okay, so the last question for the day. Should you have more than one full access account in your file? So, I recommend that you have an account for every user in the file. So if you have three developers working on a file, you should have probably three full access accounts. But I would also recommend that those users, if they're just going to be using the database and not doing development, log in with access restricted to whatever their normal role would be. Simply to, again, minimize the accidental risk of data loss and damage to your database. Perfect. Okay, so let's talk about some next steps. I mean, we already talked about the FileMaker training series basics guide and the FileMaker security guide is a great follow-up to the session. But if you're ready to consider licensing and want to purchase more than five seats, you want to contact your volume licensing sales rep at either the URL posted at the top of your screen or you can call at 1-800-725-2747. And FileMaker currently offers an annual volume licensing program with monthly prices starting as low as $9 for FileMaker Pro and $29 for FileMaker Server. We have another great list of resources here. We talked about, again, the FileMaker security guide, which you can access at this URL here. I'd also want to add another resource. If you go to FileMaker's website, the FileMaker training page, it's a great link for videos and tutorials, place of research, self-paced and instructor-led training and further information about FileMaker certification program. And with that, we'll wrap it up. On behalf of Rosemary and FileMaker, it's been our pleasure to talk to you today and we'll talk to you again next time.