Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 3736 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted

I integrated a credit care payment gateway (by Nelix Transax) into my database solution about two years ago.  What I was not aware of at the time was the fact that the gateway provider requires my server to be scanned on a quarterly basis by ControlScan (even though I do not record or maintain any credit card information in my database).  My solution also includes SeedCode's Zulu software creating an iCal server (using port 80).

 

My most recent scan failed as a result of two vulnerabilities:  the web server autoindex is enabled and the Apache ETag header discloses inode numbers.  In my web server deployment, I have turned off PHP and Instant Web Publishing but I have to use XML (for Zulu).  Since FileMaker is using it's own copy of Apache, I can't find how to correct the two vulnerabilities causing my scans to fail.  I would certainly appreciate any guidance or insights that anyone might have.

 

(I am hosting my database solution via FileMaker Server Advanced 12.0.5.551 [although the About window STILL says 12.0.3.327] on OSX 10.8.5.  I have not upgraded my server machine to Mavericks due to the issue with FM Server 12 and Mavericks preventing the server from sending e-mails.)

This topic is 3736 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.