[FX.php List] [OFF] Filemaker Web Security?

Gjermund Gusland Thorsen ggt667 at gmail.com
Thu Sep 4 02:13:57 MDT 2008


Well, as with most proprietary applications, such things as security are not heard of,
and if anyone ever reports such an issue, it will be solved in
silence, and an upgrade will be issued IMO.

FileMaker is not exactly open on these issues.

ggt

2008/9/4 Leo R. Lundgren <leo at finalresort.org>:
> Sorry, I meant to ask what resources are available, such as possible mailing
> lists where Filemaker publishes these kinds of things? I know there's a
> TechNet, but in my opinion, one shouldn't have to cash up extra in order to
> enjoy security notices. I did a quick look in Filemaker.com but couldn't
> find anything but the downloads section with updates to the products, which
> isn't the same thing as receiving notices when there's some security issue
> to be handled.
>
> On 4 Sep 2008, at 09:53, Gjermund Gusland Thorsen wrote:
>
>> Well, locally you can pick apart the files and dig out the passwords.
>>
>> 2008/9/4 Leo R. Lundgren <leo at finalresort.org>:
>>>
>>> Do you know what the best source for knowing about any Filemaker
>>> vulnerabilities, local or non-local, is?
>>>
>>>
>>> On 4 Sep 2008, at 09:35, Gjermund Gusland Thorsen wrote:
>>>
>>>> Most of FileMaker's vulnerabilities are local.
>>>>
>>>> ggt
>>>>
>>>> 2008/9/4 Leo R. Lundgren <leo at finalresort.org>:
>>>>>
>>>>> I would interpret that question as if they are asking if there is any
>>>>> service where you can be sure to either find or automatically receive
>>>>> from, security notifications about vulnerabilities in Filemaker, when
>>>>> they are discovered and disclosed. Many vendors have this, for example
>>>>> freebsd.org has a mailing list that sends out notifications of
>>>>> vulnerabilities, what products they affect, impacts, possible
>>>>> workarounds, and solutions/patches. There are also other vulnerability
>>>>> sites which publish vulnerabilities for various products.
>>>>>
>>>>> I do not know if Filemaker has anything like this, I'm sure someone
>>>>> else does though. My impression is that it's quite quiet regarding
>>>>> vulnerabilities for Filemaker.
>>>>>
>>>>> In any case, in your scenario, as you say, the PHP frontend (your code)
>>>>> and the Windows Server itself are probably the primary targets.
>>>>>
>>>>>
>>>>> On 3 Sep 2008, at 21:19, Joel Shapiro wrote:
>>>>>
>>>>>> Hi all
>>>>>>
>>>>>> I just received the following question from the IT person at a client
>>>>>> of mine and I'm not sure what they're asking for.  Can anybody offer
>>>>>> me a clue on how to best respond?
>>>>>>
>>>>>> They wrote:
>>>>>> "Given the number of web site compromises that have occurred, I am
>>>>>> wondering about Filemaker server security. Is there a security
>>>>>> notification service for Filemaker about vulnerabilities? I worry
>>>>>> about possible compromises to the web based FileMaker site on our
>>>>>> server."
>>>>>>
>>>>>> They are running FMSA9 & FX.php on Windows Server 2003 (one-machine
>>>>>> config).  The site has a valid SSL cert., the machine is behind a
>>>>>> firewall (such that you need VPN access to open the DB remotely), &
>>>>>> FMS has Secure Connections (SSL) enabled between FMS & the WPE.
>>>>>>
>>>>>> They've been up and running for over two years.  I upgraded them to
>>>>>> FMS9 over the summer, and they made sure their OS was fully
>>>>>> up-to-date beforehand.
>>>>>>
>>>>>> What kind of "security notification service" might they be looking
>>>>>> for?
>>>>>>
>>>>>> TIA,
>>>>>> -Joel
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> FX.php_List mailing list
>>>>>> FX.php_List at mail.iviking.org
>>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list