Security : Sharing Hosted Databases


Dear All...

What are your workarounds for the below article taken from http://www.filemaker.com/ti/108462.html

Krishan

Security Considerations When Sharing Hosted Databases

------------------------------------------------------------------------

Who Should Read This Article:

Customers who are sharing hosted FileMaker databases.

Problem Summary:

FileMaker hosts will send database passwords in an obscured format to FileMaker Pro clients during password verification. The client software performs the validation that a user-entered password is valid before allowing access to the database. This could create an opportunity for an attacker to obtain and use passwords.

Affected Products:

FileMaker Pro 6.0 or earlier

FileMaker Pro 6.0 Unlimited or earlier

FileMaker Server 5.5 or earlier

Affected Platforms:

Windows

Mac OS

Linux

Impact:

This impacts hosted database files using FileMaker Pro peer-to-peer sharing or FileMaker Server hosting databases to FileMaker Pro clients, in environments that are subject to attack; for example, a database which is publicly accessible on the Internet accessible via TCP/IP.

In some environments, this may enable an attacker to obtain these obscured passwords while monitoring unsecured network traffic, or attempting to access databases using a copy of FileMaker Pro; once obtained, an attacker may attempt to decipher and then use these passwords to read or modify data inappropriately.

Product Update Available:

None

Workaround:

If security of passwords and access control to the database is important to your organization, consider taking the following actions:

And??? Everything is just normal FM day to day operation. What is the problem?

  • Author

Well, is it a problem?

Why did FileMaker issue this article?

Is it easy to hack a filemaker database and find out the password?

Krishan

I think this is a lawyer-driven technote.

I don't think that it's easy, but undoubtedly possible, to hack the passwords.

I've seen password-crack programs for FMPro that worked with version 2 and 3. Never seen anything for later versions. And you needed access to the file for those programs.

Regards,

Ernst.

Again, what is the problem? The article just explains the mechanism of how FM works. And? Where do you have a problem with that?

I kind of agree with Krishan about it being a bit worrisome that they have brought this up. My clients (universities/colleges) are constantly trying to find the ways in which FileMaker would violate security standards on a campus, and the fact that FileMaker would publish this warning raises a huge red flag for them.

I think the problem is that they felt a need to write the note. Has there been a specific instance of somebody capturing the passwords over the network? Has anyone ever heard of using SSL between Server and Unlimited or otherwise securing that traffic?

Bevin

RE: Has anyone ever heard of using SSL between Server and Unlimited or otherwise securing that traffic?

Why FMS and FMU? They should sit behind a firewall.

RE: Has there been a specific instance of somebody capturing the passwords over the network?

The network should be protected from outside hackers, shouldn't it?
