Skip to content
Thoughtful, detailed coverage of everything Apple for 32 years
and the TidBITS Content Network for Apple professionals

Blue World Reveals FileMaker 5 Internet Security Holes


Blue World Communications has published a FileMaker 5 security alert outlining serious Internet security issues with FileMaker Pro and FileMaker Pro 5 Unlimited’s XML publishing and email capabilities. One exploit enables an interloper to acquire the entire contents of any Web-published database as XML regardless of Web security settings; another permits the entire contents of a Web-published database to be retrieved via email, and a third enables anyone on the Internet to use FileMaker 5’s email capabilities to send arbitrary email messages via FileMaker Pro (a problem sure to delight spammers worldwide). These revelations come a week after FileMaker Inc. published documentation of FileMaker Pro 5’s Web publishing capabilities in FileMaker Developer 5, although portions of FileMaker’s XML capabilities have been documented on FileMaker’s Web site for five weeks. As of this writing, FileMaker has not acknowledged any problems, although sources indicate the company was informed of issues with Web security approximately a month ago. Currently, the only workarounds appear to be disabling FileMaker 5’s Web Companion, reverting to FileMaker Pro 4 (which does not have these security issues, but cannot open FileMaker 5 databases), or using a middleware product like Blue World’s Lasso as a gateway for incoming requests.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 32 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.