[FX.php List] [OFF] Filemaker Web Security?

Leo R. Lundgren leo at finalresort.org
Thu Sep 4 02:12:17 MDT 2008 

Sorry, I meant to ask what resources are available, such as possible  
mailing lists where Filemaker publishes these kinds of things? I know  
there's a TechNet, but in my opinion, one shouldn't have to cash up  
extra in order to enjoy security notices. I did a quick look in  
Filemaker.com but couldn't find anything but the downloads section  
with updates to the products, which isn't the same thing as recieving  
notices when there's some security issue to be handled.

4 sep 2008 kl. 09.53 skrev Gjermund Gusland Thorsen:

> Well, locally you can pick apart the files and dig out the passwords.
>
> 2008/9/4 Leo R. Lundgren <leo at finalresort.org>:
>> Do you know what the best source for knowing about any Filemaker
>> vulnerabilities, local or nonm-local, is?
>>
>>
>> 4 sep 2008 kl. 09.35 skrev Gjermund Gusland Thorsen:
>>
>>> Most of FileMaker's vulnerabilities are local.
>>>
>>> ggt
>>>
>>> 2008/9/4 Leo R. Lundgren <leo at finalresort.org>:
>>>>
>>>> I would interpret that question as if they are asking if there  
>>>> is any
>>>> service where you can be sure to either find or automatically  
>>>> recieve
>>>> from,
>>>> security notifications about vulnerabilities in Filemaker, when  
>>>> they are
>>>> discovered and disclosed. Many vendors have this, for example  
>>>> freebsd.org
>>>> has a mailing list that sends out notifications of  
>>>> vulnerabilities, what
>>>> products they affect, impacts, possible workarounds, and
>>>> solutions/patches.
>>>> There are also other vulnerability sites which publish  
>>>> vulnerabilities
>>>> for
>>>> various products.
>>>>
>>>> I do not know if Filemaker has anything like this, I'm sure  
>>>> someone else
>>>> does though. My impression is that it's quite quiet regarding
>>>> vulnerabilities for Filemaker.
>>>>
>>>> In any case, in your scenario, as you say, the PHP frontend  
>>>> (your code)
>>>> and
>>>> the Windows Server itself are probably the primary targets.
>>>>
>>>>
>>>> 3 sep 2008 kl. 21.19 skrev Joel Shapiro:
>>>>
>>>>> Hi all
>>>>>
>>>>> I just received the following question from the IT person at a  
>>>>> client of
>>>>> mine and I'm not sure what they're asking for.  Can anybody  
>>>>> offer me a
>>>>> clue
>>>>> on how to best respond?
>>>>>
>>>>> They wrote:
>>>>> "Given the number of web site compromises that have occurred, I am
>>>>> wondering about Filemaker server security. Is there a security
>>>>> notification
>>>>> service for Filemaker about vulnerabilities? I worry about  
>>>>> possible
>>>>> compromises to the web based FileMaker site on our server."
>>>>>
>>>>> They are running FMSA9 & FX.php on Windows Server 2003 (one- 
>>>>> machine
>>>>> config).  The site has a valid SSL cert., the machine is behind a
>>>>> firewall
>>>>> (such that you need VPN access to open the DB remotely), & FMS has
>>>>> Secure
>>>>> Connections (SSL) enabled between FMS & the WPE.
>>>>>
>>>>> They've been up and running for over two years.  I upgraded  
>>>>> them to FMS9
>>>>> over the summer, and they made sure their OS was fully up-to-date
>>>>> beforehand.
>>>>>
>>>>> What kind of " security notification service" might they be  
>>>>> looking for?
>>>>>
>>>>> TIA,
>>>>> -Joel
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> FX.php_List mailing list
>>>>> FX.php_List at mail.iviking.org
>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>
>>>>
>>>> -|
>>>>
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>>
>> -|
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list


-|

More information about the FX.php_List mailing list