Web Companion Security

Vaughan · March 8, 2001

Specifically what kind of vulnerability did they find? Was it Mac or Windows?

What version FMP and is the progam patched to the latest level?

jimpres · March 8, 2001

The web security admin

jimpres · March 8, 2001

A security sweep of our NT server with Filmaker

Pro 5 unlimited on it showed we were vulberable to hackers. The web companion allowed averlaying of long HTTP GET requests. And it could overright the stack. This allows hackers to execute their code on our machine.

Vaughan · March 10, 2001

Ok, but remember Web Companion isn't a "typical" or "normal" web server: it's designed solely as an interface to FMP. So even if there is a vulnerability, web companion might not understand or process the code anyway.

I'd be more worried about shared databases without passwords etc.

Anatoli · March 11, 2001

quote:

Originally posted by jimpres:

A security sweep of our NT server with Filmaker

Pro 5 unlimited on it showed we were vulberable to hackers. The web companion allowed averlaying of long HTTP GET requests. And it could overright the stack. This allows hackers to execute their code on our machine.

Suggestion: run WebCompanion on separate machine and serve the Web trough main NT IIS with WebConnector. That way al the security is provided by IIS machine.

Sign In

Web Companion Security

Recommended Posts

Vaughan

jimpres

jimpres

Vaughan

Anatoli

Create an account or sign in to comment

Create an account

Sign in

Similar Content

FMP 11 Advanced: Password protect individual records?

Image in Web Viewer won't show up in IWP

Instant Web Publishing Auto-Login + Passing Variable

IWP URL - editing the page that says "Check the URL you are using to access FileMaker WebDirect"

SuperContainer suddenly not worlking in IWP, FMPA 12

Browse

Site Support

Forums

Blogs

Marketplace

Activity

Important Information