Aller au contenu
  • billets
    12
  • commentaire
    0
  • vues
    44

FileMaker 13 & 14 WebDirect security patch

MainSpring

34 vues

Even though FileMaker 16 is the current version, MainSpring has supported clients with WebDirect servers since it was released in version 13, and FileMaker server 14 will be supported until September 2018. Because of this, it’s important for us to call attention to the recent security risk that was identified on FileMaker servers 13 and 14.

WebDirect security risk discovered

Recently, we discovered that due to a lack of a robots.txt file in the WebDirect installation on FileMaker server 13 and 14, the URL of your WebDirect server can be indexed by search engines such as Google, Bing and Yahoo. This could unintentionally grant remote users the ability to visit your WebDirect homepage, and potentially gain access to files in an unexpected way.

A robots.txt file is a simple text file that asks any “search bot” that’s crawling a page or archiving information to follow a specific set of rules. While the robots.txt can be ignored by malicious bots, most modern search engines will respect those rules. In FileMaker Server 15+, the server configuration already contains the rules for turning off indexing by default, but you can still install the robots.txt file if you want.

How to install the WebDirect security patch

So, how do you add this patch? Simply create a robots.txt file in the following directory:

  • Mac: HDD/Library/FileMaker Server/HTTPServer/conf/
  • PC: C:/Program Files/FileMaker/FileMaker Server/HTTPServer/conf/
MB201806_01-600x33.pngFolder path on a windows server

Inside of your robots.txt file, input the following code:

  • User-agent: *
  • Disallow: /
MB201806_02-600x28.pngrobots.txt file in the folder

Now, save, and you’re finished! This would be a good time to install any updates, and restart your server, as well. Also, it’s important to note that, if your server address was already indexed on a search engine, it may take a few weeks for the bots to revisit your page and refresh their directory.

Additional ways to secure your WebDirect server

So, here are some other steps you may want to do in order to secure your server…

  • Disable guest access for all files, or at least perform a security check to make sure the guest account has severely limited access
  • Enable the server setting “Show only files for which each user has access to”. This will require a user to provide their username and password in order to view the WebDirect homepage.
  • Make sure to check that none of your files are hosted with the default “admin” account with no password. If so, we recommend setting a strong password and changing the account name from admin to something else.
  • Install an SSL certificate if you do not have one already
MB201806_03-600x353.pngOther security settings in FileMaker server

Afficher la totalité du billet



0 Commentaire


Commentaires recommandés

Il n’y a aucun commentaire à afficher.

Créer un compte ou se connecter pour commenter

Vous devez être membre afin de pouvoir déposer un commentaire

Créer un compte

Créez un compte sur notre communauté. C’est facile !

Créer un nouveau compte

Se connecter

Vous avez déjà un compte ? Connectez-vous ici.

Connectez-vous maintenant
×