May 3rd, 2000
|[11:00 AM] FileMaker Inc. Acknowledges Security Bugs
FileMaker Inc. e-mailed us to acknowledge the security flaws related to the Web Companion of FileMaker Pro 5. The company not only acknowledges the problems, they are promising a fix as soon as possible. According to FileMaker:
FileMaker Inc. has learned about Web Companion security issues in FileMaker Pro 5. At this point, we know of no customers who have experienced problems due to these issues, and these issues only concern users publishing FileMaker databases via our Web Companion. But because the security of our customers' data is and always has been an overriding priority at FileMaker, we are committed to sharing what we know quickly and accurately.
Most importantly, we intend to fully investigate and address any bugs as quickly as possible. Resolving these issues is a top priority for FileMaker.
Here is the status of these issues:
- Field-Level Security when using the Web Security Database: Some technologies in the Web Companion may inappropriately expose field contents which the user thinks are protected by Field-Level Security. FileMaker intends to address this problem as soon as possible. In the meantime, users should be aware that Field-Level Security may not be reliable. If Field-Level Security is not necessary, users can implement other security schemes such as password security within the FileMaker application, or the Function-Level Security within the Web Security Database.
- If Web administrators are concerned that users may try to send anonymous e-mail through the Web Companion, they should turn on Logging in the Web Companion Preferences, which will track all requests sent to the Web Companion. This is a good general practice in any case.
The Mac Observer Spin: As we said yesterday, we appreciate this frankness and we expect FileMaker to find solutions to the problems. Stay tuned for updates on this.