Jump to content

Web Companion Security


This topic is 8537 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Specifically what kind of vulnerability did they find? Was it Mac or Windows?

What version FMP and is the progam patched to the latest level?

Link to comment
Share on other sites

A security sweep of our NT server with Filmaker

Pro 5 unlimited on it showed we were vulberable to hackers. The web companion allowed averlaying of long HTTP GET requests. And it could overright the stack. This allows hackers to execute their code on our machine.

Link to comment
Share on other sites

Ok, but remember Web Companion isn't a "typical" or "normal" web server: it's designed solely as an interface to FMP. So even if there is a vulnerability, web companion might not understand or process the code anyway.

I'd be more worried about shared databases without passwords etc.

Link to comment
Share on other sites

quote:

Originally posted by jimpres:

A security sweep of our NT server with Filmaker

Pro 5 unlimited on it showed we were vulberable to hackers. The web companion allowed averlaying of long HTTP GET requests. And it could overright the stack. This allows hackers to execute their code on our machine.

Suggestion: run WebCompanion on separate machine and serve the Web trough main NT IIS with WebConnector. That way al the security is provided by IIS machine.

Link to comment
Share on other sites

This topic is 8537 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.