[FX.php List] [OFF] Filemaker Web Security?

Tim 'Webko' Booth tim at nicheit.com.au
Thu Sep 4 03:02:35 MDT 2008


On 04/09/2008, at 6:35 PM, Leo R. Lundgren wrote:

> OK. Yes that's the impression I've gotten, utter silence. I haven't  
> checked, but I wouldn't be surprised not to find anything like a  
> changelog or a list of security fixes that have been taken care of  
> in the various updates and so on. It's a shame!
>
> I only know one thing for sure: no application has zero security  
> issues, and surely not Filemaker :)

Correct.

However, FM (in my opinion) has always followed a security by  
obscurity approach - if you read release notes carefully, you may find  
an oblique reference to what may have been a security issue in a  
version that has been rectified. Not often, and not by open disclosure.

This is not unusual in proprietary software though - most of the  
software that has open disclosure is also open source and has a  
community of like-minded people developing it rather than through a  
software house. Or it has soooooo many users that flaws can be widely  
publicised (Adobe springs to mind for that).

Also, TechTalk etc. does not usually carry any official FM  
communication about anything - the main people there are fellow  
developers, although FM do have some active people who seem to do it  
in their spare time.

And there was at least one doozy of a web hole back in v4 and 5 that  
has been fixed these days.

OTOH, even though I knew about the hole, and it was actually  
described in the docs (feature, not bug), and I took steps to block  
it, that filter was *never* triggered over a period of 5 years that I  
ran vulnerable versions. Make of that what you will (see para 2).

Cheers

Webko

