Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Protect Your FileMaker Server and Files From A Vulnerability

Steven H. Blackwell
in Community Videos, Tips, & Techniques, Articles.

Featured Replies

I have recently learned that there may be any number of FileMaker Server installations world-wide that are hosting files that open automatically without credentials challenge to the [Full Access] Privilege Set. The default-installed FileMaker Server Sample File is one of these; however, there are others.

This is not such a good practice. Such files offer an attractive attack vector that a Threat Agent can use to inflict damage on the FileMaker Server machine or on its hosted files. If a Threat Agent can locate the server and access it, an attack can occur using these files.

Most attacks occur when a Threat Agent utilizes some vulnerability to mount an exploit that has some negative impact on the Confidentiality, Integrity, or Availability (CIA) of a digital asset such as a FileMaker Pro database. To that we must now add that the exploit can adversely impact the Resilience of the database system as well. We measure that negative impact of an attack along a continuum ranging from Limited to Serious to Severe to Catastrophic. In managing security in FileMaker database systems, we work to block Threat Agents, to close vulnerabilities, and to mitigate the negative impact of an attack.

I would therefore strongly recommend the following actions:

  • If you do not need the FileMaker Server Sample File, then remove it from your server. If you do need it, give it credentials or have it open to a restricted privilege level.
  • If you have other files that open without challenge to [Full Access] privileges, then change that process to require credentials or, at the least, to open to a restricted level of privileges.
  • Periodically review the FileMaker Server Access Log to see if it contains evidence of unusual or unexpected access to the server. Of course, for that to work, you must enable this log in the FileMaker Server Admin Console.

It is my view that in the FileMaker community we have a responsibility to one another to help each other maintain safe systems, to avoid and to prevent attacks, and to block Threat Agents. I will continue to advise the community of security-related items from time to time.

Steven H. Blackwell

View the full article

Create an account or sign in to comment

https://fmforums.com/topic/91533-protect-your-filemaker-server-and-files-from-a-vulnerability/
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.