[FX.php List] [OFF] Filemaker Web Security?

Leo R. Lundgren leo at finalresort.org
Thu Sep 4 01:45:42 MDT 2008


Do you know what the best source for knowing about any Filemaker
vulnerabilities, local or non-local, is?


On 4 Sep 2008, at 09:35, Gjermund Gusland Thorsen wrote:

> Most of FileMaker's vulnerabilities are local.
>
> ggt
>
> 2008/9/4 Leo R. Lundgren <leo at finalresort.org>:
>> I would interpret that question as if they are asking if there is any
>> service where you can be sure to either find or automatically receive
>> from, security notifications about vulnerabilities in Filemaker, when
>> they are discovered and disclosed. Many vendors have this, for example
>> freebsd.org has a mailing list that sends out notifications of
>> vulnerabilities, what products they affect, impacts, possible
>> workarounds, and solutions/patches. There are also other vulnerability
>> sites which publish vulnerabilities for various products.
>>
>> I do not know if Filemaker has anything like this, I'm sure someone
>> else does though. My impression is that it's quite quiet regarding
>> vulnerabilities for Filemaker.
>>
>> In any case, in your scenario, as you say, the PHP frontend (your code)
>> and the Windows Server itself are probably the primary targets.
>>
>>
>> On 3 Sep 2008, at 21:19, Joel Shapiro wrote:
>>
>>> Hi all
>>>
>>> I just received the following question from the IT person at a client
>>> of mine and I'm not sure what they're asking for.  Can anybody offer
>>> me a clue on how to best respond?
>>>
>>> They wrote:
>>> "Given the number of web site compromises that have occurred, I am
>>> wondering about Filemaker server security. Is there a security
>>> notification service for Filemaker about vulnerabilities? I worry
>>> about possible compromises to the web based FileMaker site on our
>>> server."
>>>
>>> They are running FMSA9 & FX.php on Windows Server 2003 (one-machine
>>> config).  The site has a valid SSL cert., the machine is behind a
>>> firewall (such that you need VPN access to open the DB remotely), &
>>> FMS has Secure Connections (SSL) enabled between FMS & the WPE.
>>>
>>> They've been up and running for over two years.  I upgraded them to
>>> FMS9 over the summer, and they made sure their OS was fully up-to-date
>>> beforehand.
>>>
>>> What kind of "security notification service" might they be looking
>>> for?
>>>
>>> TIA,
>>> -Joel
>>>
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list

