Jump to content

Web Companion Security

Vaughan

By Vaughan
in Other Internet Technologies

 Share

This topic is 8925 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Vaughan Grand Master

Vaughan

Posted
Posted

Specifically what kind of vulnerability did they find? Was it Mac or Windows?

What version FMP and is the progam patched to the latest level?

jimpres Contributor

jimpres

Posted
Posted

A security sweep of our NT server with Filmaker

Pro 5 unlimited on it showed we were vulberable to hackers. The web companion allowed averlaying of long HTTP GET requests. And it could overright the stack. This allows hackers to execute their code on our machine.

Vaughan Grand Master

Vaughan

Posted
  • Author
Posted

Ok, but remember Web Companion isn't a "typical" or "normal" web server: it's designed solely as an interface to FMP. So even if there is a vulnerability, web companion might not understand or process the code anyway.

I'd be more worried about shared databases without passwords etc.

Anatoli Grand Master

Anatoli

Posted
Posted

quote:
Originally posted by jimpres:

A security sweep of our NT server with Filmaker

Pro 5 unlimited on it showed we were vulberable to hackers. The web companion allowed averlaying of long HTTP GET requests. And it could overright the stack. This allows hackers to execute their code on our machine.

Suggestion: run WebCompanion on separate machine and serve the Web trough main NT IIS with WebConnector. That way al the security is provided by IIS machine.

This topic is 8925 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept