[FX.php List] [OFF] Filemaker Web Security?

Gjermund Gusland Thorsen ggt667 at gmail.com
Thu Sep 4 01:53:32 MDT 2008


Well, locally you can pick apart the files and dig out the passwords.

2008/9/4 Leo R. Lundgren <leo at finalresort.org>:
> Do you know what the best source for knowing about any Filemaker
> vulnerabilities, local or non-local, is?
>
>
> 4 sep 2008 kl. 09.35 skrev Gjermund Gusland Thorsen:
>
>> Most of FileMaker's vulnerabilities are local.
>>
>> ggt
>>
>> 2008/9/4 Leo R. Lundgren <leo at finalresort.org>:
>>>
>>> I would interpret that question as if they are asking if there is any
>>> service where you can be sure to either find or automatically receive from,
>>> security notifications about vulnerabilities in Filemaker, when they are
>>> discovered and disclosed. Many vendors have this, for example freebsd.org
>>> has a mailing list that sends out notifications of vulnerabilities, what
>>> products they affect, impacts, possible workarounds, and solutions/patches.
>>> There are also other vulnerability sites which publish vulnerabilities for
>>> various products.
>>>
>>> I do not know if Filemaker has anything like this, I'm sure someone else
>>> does though. My impression is that it's quite quiet regarding
>>> vulnerabilities for Filemaker.
>>>
>>> In any case, in your scenario, as you say, the PHP frontend (your code) and
>>> the Windows Server itself are probably the primary targets.
>>>
>>>
>>> 3 sep 2008 kl. 21.19 skrev Joel Shapiro:
>>>
>>>> Hi all
>>>>
>>>> I just received the following question from the IT person at a client of
>>>> mine and I'm not sure what they're asking for.  Can anybody offer me a clue
>>>> on how to best respond?
>>>>
>>>> They wrote:
>>>> "Given the number of web site compromises that have occurred, I am
>>>> wondering about Filemaker server security. Is there a security notification
>>>> service for Filemaker about vulnerabilities? I worry about possible
>>>> compromises to the web based FileMaker site on our server."
>>>>
>>>> They are running FMSA9 & FX.php on Windows Server 2003 (one-machine
>>>> config).  The site has a valid SSL cert., the machine is behind a firewall
>>>> (such that you need VPN access to open the DB remotely), & FMS has Secure
>>>> Connections (SSL) enabled between FMS & the WPE.
>>>>
>>>> They've been up and running for over two years.  I upgraded them to FMS9
>>>> over the summer, and they made sure their OS was fully up-to-date
>>>> beforehand.
>>>>
>>>> What kind of "security notification service" might they be looking for?
>>>>
>>>> TIA,
>>>> -Joel
>>>>
>>>>
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>>>
>
>

