Jump to content

  •  

UPGRADE DEADLINE - SEPTEMBER 26, 2014!
FileMaker Inc. has a deadline for users of version 10,11, 12 as Individual box or volume licenses (with expired maintenance).
If you don't renew your maintenance and upgrade to FMP 13 you will no longer be eligible to upgrade, at the discount pricing.

Volume Licensing upgrade pricing for FileMaker Pro 13, FileMaker Pro 13 Advanced and FileMaker Server 13 will be discontinued.
Individual upgrade pricing for FileMaker Pro 13 and FileMaker Pro 13 Advanced will increase after September 26, 2014.
As of 27-September-2014, FileMaker 10 products will no longer be available for purchase or support.

http://help.filemaker.com/app/answers/detail/a_id/13865


Photo

An Exploit-Based Approach To Providing FileMaker Platform Security


  • Please log in to reply
1 reply to this topic

#1 Steven H. Blackwell  Humble Servant

Steven H. Blackwell
  • Moderators
  • 4,750 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Expert
  • Certification:7, 8, 9, 10, 11, 12
  • Membership:FileMaker Business Alliance, FIleMaker Platinum Member
  • Time Online: 9d 1h 58m 10s

Posted 15 July 2014 - 07:13 AM

Over the past dozen years, I have discussed in a number of venues the necessity for robust security practices and the techniques needed to implement them on the FileMaker Platform. Such discussions have as their underlying framework a fairly traditional Information Security paradigm.

There are Threat Agents who seek to initiate Exploits or Threats that negatively Impact the Confidentiality, Integrity, and Availability of FileMaker Platform systems or other Digital Assets. These attacks also can damage the Resilience of the Digital Asset. These Threat Agents exploit a Vulnerability in the design or the deployment of the FileMaker systems. FileMaker Platform developers and FileMaker Server Administrators must assess the Risk that a Threat Agent will use a Vulnerability to trigger an Exploit that attacks the FileMaker Platform system.


I have learned that developers, after some examination of this concept, do understand it. And I have also learned is this: In many instances, developers do not see how these circumstances impact them. They do not connect the Information Security Paradigm model with their on-the-ground implementation of solutions built on the FileMaker Platform. That is what I intend to address in this paper.


I am going to describe some exploits and threats that target commonly-found vulnerabilities. And I will explain how to close those vulnerabilities. There are six significant and common exploits that can be run against FileMaker Platform systems. Each takes advantage of one or more of seven vulnerabilities to compromise Confidentiality, Integrity, or Availability or to damage Resilience of the system and its data. Each can be easy to trigger, and each can do significant damage.

Read more here:

http://www.fmpug.com/resources/exploit-based-approach-to-filemaker-security

View the full article
  • 0

#2 ggt667  newbie

ggt667
  • Members
  • 44 posts
  • LocationTellus
  • FM Application:11 Advance
  • Platform:Cross Platform
  • Skill Level:Intermediate
  • Membership:TechNet
  • Time Online: 15h 1m 42s

Posted 15 July 2014 - 09:21 PM

The only weakness I have seen in FileMaker is named Java.


  • 0

Co-author: FX.php, pyFileMaker, netatalk, +++

 

http://wethecomputer...t.blogspot.com/





FMForum Advertisers