
This topic is 7821 days old. Please don't post here. Open a new topic instead.


Posted

Dear All...

What are your workarounds for the below article taken from http://www.filemaker.com/ti/108462.html

Krishan

Security Considerations When Sharing Hosted Databases

------------------------------------------------------------------------

Who Should Read This Article:

Customers who are sharing hosted FileMaker databases.

Problem Summary:

FileMaker hosts will send database passwords in an obscured format to FileMaker Pro clients during password verification. The client software performs the validation that a user-entered password is valid before allowing access to the database. This could create an opportunity for an attacker to obtain and use passwords.

Affected Products:

FileMaker Pro 6.0 or earlier

FileMaker Pro 6.0 Unlimited or earlier

FileMaker Server 5.5 or earlier

Affected Platforms:

Windows

Mac OS

Linux

Impact:

This impacts hosted database files using FileMaker Pro peer-to-peer sharing or FileMaker Server hosting databases to FileMaker Pro clients, in environments that are subject to attack; for example, a database which is publicly accessible on the Internet accessible via TCP/IP.

In some environments, this may enable an attacker to obtain these obscured passwords while monitoring unsecured network traffic, or attempting to access databases using a copy of FileMaker Pro; once obtained, an attacker may attempt to decipher and then use these passwords to read or modify data inappropriately.

Product Update Available:

None

Workaround:

If security of passwords and access control to the database is important to your organization, consider taking the following actions:

Posted

Well, is it a problem?

Why did FileMaker issue this article?

Is it easy to hack a FileMaker database and find out the password?

Krishan

Posted

I think this is a lawyer-driven technote.

I don't think that it's easy, but undoubtedly possible, to hack the passwords.

I've seen password-crack programs for FMPro that worked with version 2 and 3. Never seen anything for later versions. And you needed access to the file for those programs.

Regards,

Ernst.

Posted

I kind of agree with Krishan about it being a bit worrisome that they have brought this up. My clients (universities/colleges) are constantly trying to find the ways in which FileMaker would violate security standards on a campus, and the fact that FileMaker would publish this warning raises a huge red flag for them.

I think the problem is that they felt a need to write the note. Has there been a specific instance of somebody capturing the passwords over the network? Has anyone ever heard of using SSL between Server and Unlimited or otherwise securing that traffic?

Bevin

Posted

RE: Has anyone ever heard of using SSL between Server and Unlimited or otherwise securing that traffic?

Why FMS and FMU? They should sit behind a firewall.

RE: Has there been a specific instance of somebody capturing the passwords over the network?

The network should be protected from outside hackers, shouldn't it?
