FileMaker 5 Internet Security Holes -- Blue World Communications has published a FileMaker 5 security alert outlining serious Internet security issues with FileMaker Pro 5 and FileMaker Pro 5 Unlimited's XML publishing and email capabilities. Two exploits enable an interloper to acquire the entire contents of any Web-published database via email or as XML regardless of Web security settings; another enables anyone on the Internet to use FileMaker 5's email capabilities to send arbitrary email messages (a problem sure to delight spammers worldwide). These revelations come a week after FileMaker Inc. published documentation of FileMaker Pro 5's Web publishing capabilities in FileMaker Developer 5, although portions of FileMaker's XML capabilities have been documented on FileMaker's Web site for five weeks. As of this writing, FileMaker has not acknowledged any problems, and the only workarounds currently appear to be disabling FileMaker 5's Web Companion, reverting to FileMaker Pro 4.x (which does not have these security issues, but cannot open FileMaker 5 databases), or using a middleware product like Blue World's Lasso as a gateway for incoming requests. [GD]
Set Password Activation Time in Snow Leopard
In Snow Leopard, you can now set an amount of time after your Mac goes to sleep or engages the screen saver before it requires a password to log back on. In Leopard, the option was simply to require the password or not. Choose among several increments, between 5 seconds and 4 hours, from System Preferences > Security.
Other articles in the series FileMaker 5
Published in TidBITS 529.
Subscribe to our weekly email edition.
FileMaker 5 Internet Security Holes
Set up short abbreviations which expand to larger bits of text,
such as “Tx” for “TextExpander”. With the new custom keyboard,
you can expand abbreviations in any app, including Safari and