Jump to content
Sign in to follow this  

Standalone Supercontainer security question

Recommended Posts

greetings all!  A question for the network security gurus: I have Supercontainer running in standalone mode.  My router has port forwarding to the machine (Mac-mini).  My credit card vendor requires security IP address scans and I am failing due to the port forwarding on the router.  what is best practice?  I am using a router flashed with Tomato Shibby.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Similar Content

    • By dataclip
      We have a webdirect app for customers. They can logon and see their account information. As part of this solution I use supercontainer to show customer files, for example pdf invoices.
      Recently we upgaded from FMS13 to FMS16. I reinstalled supercontainer. However ,after the update the files no longer show in the app.
      for example: https://ipaddress/SuperContainer/Files/528CD212-1951-D44C-AFEB-302ECE376F91/1018-1192-17664_0.pdf
      I see a message no file choosen.
      The folder and file do exist inside the Supercontainer fodler.
      Any ideas why the file is not displayed??
      Joost Kingma
    • By MSPJ
      Hi - I'm developing a business solution to be hosted on FM Server.  It will be hosted on Soliant Cloud.  This is my first time developing for Server.  I read Steven and Wim's whitepaper on FM 16 security, which was very helpful.
      In the past, when I've created upgrades to my solution, I've imported data from the previous version into the new one. Each update is a modified version of the previous file. 
      I read about the benefits of using File Access Protection. My solution is a single file solution so I can basically exclude any other file having access - except I'm not sure what impact that will have on import from previous versions.  I assume both files will have the same ID - but not sure if that means that FM will see the older version as trusted or not. 
    • By cbum
      Our institution is now requiring PHI-containing databases to log not just modifications to records, but to log every access/viewing of any record. They want to be able to respond to the question "Who has looked at my medical record, even with no change to the record?".
      I am not aware how to achieve this with FM, do any of the add-on programs have such features?
      I am facing the forced elimination of a critical database, built over 15 yrs, if this cannot be achieved.
      Thanks for any suggestions.
    • By jstewart30
      Running FMS 13 and trying to run a simple PHP page from my website to access a database, but I'm only getting a blank page.  Not sure if it's a port forwarding issue or a PHP issue, or something else.  If I put my .php file and the includes ("FileMaker.php" file and "FileMaker" folder from the FMS PHP .zip file) in the fmi-test folder on my FM server and access it locally (http://localhost/fmi-test/myphpfile.php), the PHP file works fine and returns data, so I don't think it has any inherent issues, and presumably my FMS is set up correctly.  Putting the same .php file and includes on my web server, though, results in a blank page only.  The includes are in the same directory as the php file itself.  Here's the php file (I've changed the IP address and database names to protect the innocent but they're correct):
      ini_set('display_errors', 1);
      include_once('FileMaker.php');  /* have also used require, include, and require_once with no change */

      $fm = new FileMaker("MyDatabase", "http://myfilemakerserver:8888", "Admin", "");   /*no password*/
      $findCommand = $fm->newFindCommand("MyDatabase");
      $findCommand->addFindCriterion("Phone", "303-555-1234");
      $findCommand->setRange(0, 1);
      $result = $findCommand->execute();
      if (FileMaker::isError($result)) {
      $record = $result->getFirstRecord();
      $name = $record->getField("Customer Name");
      $status = $record->getField("Status");
      echo("$name - $status");
      Infuriatingly I get no errors or feedback, just a blank page when I run this file from my website (but again it works fine locally on the FM server machine). I've confirmed PHP is working on my website as I can do a simple phpinfo() file in the same directory and it runs fine and displays the PHP info.  If I direct a web browser to the same "http://myfilemakerserver:8888" (not the real address obviously, but it is port 8888) I get the "Filemaker Database Server Website" page, so the port forwarding seems to be correct.  I have port 8888 forwarding to port 80 of my FM Server.  I don't have port 443 forwarded to that machine as that's being used for another device on our network, but I assume if I'm not making "https" requests that it should work fine (but maybe that's my problem?).  
      I assume it's just something simple but I've been beating my head against a wall for the better part of the day on this.  Any help would be greatly appreciated.
    • By wedgeman
      We are working on a process for passing certain info nuggets out of a solution (FMP 13) in an encrypted method.
      For various reasons a version upgrade isn't feasible. So the plan is to encrypt the nuggets, then pass them into a format for transport.
      Currently, we're using Applescript to pass the particular fields into an AES-256-CBC encryption process in a calculated Applescript step, as follows :
      The problems which concern me here:
      1. The password is "traveling" into Terminal in plaintext.   Is there a way this can be viewed during the process (a 'ps' or some other method)??
      2. Is there a better method to accomplish this without running as an echo?
      I've tried various flavors of this process (successful encryption & transport, etc), but am most concerned about the potential vulnerability from within OSX.. I've run various flavors, then attempted to grep for any of the password strings in log files and Library/Application Support/ folders, but haven't found anything...
      Is this an unfounded issue, or should I be going a different direction?
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.