[FX.php List] [OFF] Filemaker Web Security?

Joel Shapiro jsfmp at earthlink.net
Thu Sep 4 12:41:19 MDT 2008


Thanks all who responded.

I'm trying to find out specifically what the client is looking for,  
and what the concerns are.

Best,
-Joel


On Sep 4, 2008, at 2:02 AM, Tim 'Webko' Booth wrote:

>
> On 04/09/2008, at 6:35 PM, Leo R. Lundgren wrote:
>
>> OK. Yes that's the impression I've gotten, utter silence. I  
>> haven't checked, but I wouldn't be surprised not to find anything  
>> like a changelog or a list of security fixes that have been taken  
>> care of in the various updates and so on. It's a shame!
>>
>> I only know one thing for sure; No application has zero security  
>> issues, and surely not Filemaker :)
>
> Correct.
>
> However, FM (in my opinion) has always followed a security by  
> obscurity approach - if you read release notes carefully, you may  
> find an oblique reference to what may have been a security issue in  
> a version that has been rectified. Not often, and not by open  
> disclosure.
>
> This is not unusual in proprietary software though - most of the  
> software that has open disclosure is also open source and has a  
> community of like-minded people developing it rather than through a  
> software house. Or it has soooooo many users that flaws can be  
> widely publicised (Adobe springs to mind for that).
>
> Also, TechTalk etc does not usually carry any official FM  
> communication about anything - the main people there are fellow  
> developers, although FM do have some active people who seem to do  
> it in their spare time.
>
> And there was at least one doozy of a web hole back in v4 and 5  
> that has been fixed these days.
>
> OTOH, even though I knew about the hole, and it was actually  
> described in the docs (feature, not bug), and I took steps to block  
> it, that filter was *never* triggered over a period of 5 years that  
> I ran vulnerable versions. Make of that what you will (see para 2)
>
> Cheers
>
> Webko
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list


