[FX.php List] [OFF] Filemaker Web Security?

Gjermund Gusland Thorsen ggt667 at gmail.com
Thu Sep 4 01:35:54 MDT 2008


Most of FileMaker's vulnerabilities are local.

ggt

2008/9/4 Leo R. Lundgren <leo at finalresort.org>:
> I would interpret that question as if they are asking if there is any
> service where you can be sure to either find or automatically recieve from,
> security notifications about vulnerabilities in Filemaker, when they are
> discovered and disclosed. Many vendors have this, for example freebsd.org
> has a mailing list that sends out notifications of vulnerabilities, what
> products they affect, impacts, possible workarounds, and solutions/patches.
> There are also other vulnerability sites which publish vulnerabilities for
> various products.
>
> I do not know if Filemaker has anything like this, I'm sure someone else
> does though. My impression is that it's quite quiet regarding
> vulnerabilities for Filemaker.
>
> In any case, in your scenario, as you say, the PHP frontend (your code) and
> the Windows Server itself are probably the primary targets.
>
>
> 3 sep 2008 kl. 21.19 skrev Joel Shapiro:
>
>> Hi all
>>
>> I just received the following question from the IT person at a client of
>> mine and I'm not sure what they're asking for.  Can anybody offer me a clue
>> on how to best respond?
>>
>> They wrote:
>> "Given the number of web site compromises that have occurred, I am
>> wondering about Filemaker server security. Is there a security notification
>> service for Filemaker about vulnerabilities? I worry about possible
>> compromises to the web based FileMaker site on our server."
>>
>> They are running FMSA9 & FX.php on Windows Server 2003 (one-machine
>> config).  The site has a valid SSL cert., the machine is behind a firewall
>> (such that you need VPN access to open the DB remotely), & FMS has Secure
>> Connections (SSL) enabled between FMS & the WPE.
>>
>> They've been up and running for over two years.  I upgraded them to FMS9
>> over the summer, and they made sure their OS was fully up-to-date
>> beforehand.
>>
>> What kind of " security notification service" might they be looking for?
>>
>> TIA,
>> -Joel
>>
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> -|
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>


More information about the FX.php_List mailing list