http://docs.360works.com/index.php?title=Security_issues_with_Web_Publishing&feed=atom&action=historySecurity issues with Web Publishing - Revision history2024-03-28T17:40:34ZRevision history for this page on the wikiMediaWiki 1.19.1http://docs.360works.com/index.php?title=Security_issues_with_Web_Publishing&diff=1928&oldid=prevCharis: /* SafetyNet and IIS Manager */2016-02-02T23:03:46Z<p><span dir="auto"><span class="autocomment">SafetyNet and IIS Manager</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:03, 2 February 2016</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 15:</td>
<td colspan="2" class="diff-lineno">Line 15:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Please note: Windows authentication needs to be disabled on IIS manager</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Please note: Windows authentication needs to be disabled on IIS manager</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>[[File:SafetyNet-Backup-IIS.png|200px|thumb|left|<del class="diffchange diffchange-inline">alt text</del>]]</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>[[File:SafetyNet-Backup-IIS.png|200px|thumb|left|<ins class="diffchange diffchange-inline">Screenshot: Disable Windows Authentication on IIS Manager</ins>]]</div></td></tr>
</table>Charishttp://docs.360works.com/index.php?title=Security_issues_with_Web_Publishing&diff=1927&oldid=prevCharis: /* SafetyNet and IIS Manager */2016-02-02T23:02:32Z<p><span dir="auto"><span class="autocomment">SafetyNet and IIS Manager</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:02, 2 February 2016</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==SafetyNet and IIS Manager==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==SafetyNet and IIS Manager==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Windows authentication needs to be disabled on IIS manager</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Please note: </ins>Windows authentication needs to be disabled on IIS manager</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">[[File:SafetyNet-Backup-IIS.png|200px|thumb|left|alt text]]</ins></div></td></tr>
</table>Charishttp://docs.360works.com/index.php?title=Security_issues_with_Web_Publishing&diff=1925&oldid=prevCharis at 22:47, 2 February 20162016-02-02T22:47:41Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 22:47, 2 February 2016</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 10:</td>
<td colspan="2" class="diff-lineno">Line 10:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>On IIS you should also make sure that "Integrated Windows authentication" is not checked in Default Site -> Properties -> Directory Security -> Edit.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>On IIS you should also make sure that "Integrated Windows authentication" is not checked in Default Site -> Properties -> Directory Security -> Edit.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">==SafetyNet and IIS Manager==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">Windows authentication needs to be disabled on IIS manager</ins></div></td></tr>
</table>Charishttp://docs.360works.com/index.php?title=Security_issues_with_Web_Publishing&diff=1292&oldid=prevTravis: /* Security Dialog when accessing WPE pages or Zulu */2014-12-12T20:28:58Z<p><span dir="auto"><span class="autocomment">Security Dialog when accessing WPE pages or Zulu</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 20:28, 12 December 2014</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 9:</td>
<td colspan="2" class="diff-lineno">Line 9:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Sometimes there can be permissions issues or misconfigured security settings if FileMaker Server has been deployed multiple times.  Your web server has its own settings which may not be removed when FMS is redeployed or uninstalled.  FileMaker has posted instructions at http://help.filemaker.com/app/answers/detail/a_id/6454/kw/IIS%20Authentication/session/L3RpbWUvMTMwMzgyNzY0MC9zaWQvQjcxTGxzc2s%3D which can help you clear settings from a previous FileMaker Server deployment which can help resolve these issues.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Sometimes there can be permissions issues or misconfigured security settings if FileMaker Server has been deployed multiple times.  Your web server has its own settings which may not be removed when FMS is redeployed or uninstalled.  FileMaker has posted instructions at http://help.filemaker.com/app/answers/detail/a_id/6454/kw/IIS%20Authentication/session/L3RpbWUvMTMwMzgyNzY0MC9zaWQvQjcxTGxzc2s%3D which can help you clear settings from a previous FileMaker Server deployment which can help resolve these issues.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>On IIS you should also make sure that "Integrated <del class="diffchange diffchange-inline">windows </del>authentication" is not checked in Default Site -> Properties -> Directory Security -> Edit.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>On IIS you should also make sure that "Integrated <ins class="diffchange diffchange-inline">Windows </ins>authentication" is not checked in Default Site -> Properties -> Directory Security -> Edit.</div></td></tr>
</table>Travishttp://docs.360works.com/index.php?title=Security_issues_with_Web_Publishing&diff=1291&oldid=prevTravis: /* Security Dialog when accessing WPE pages or Zulu */2014-12-12T20:28:45Z<p><span dir="auto"><span class="autocomment">Security Dialog when accessing WPE pages or Zulu</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 20:28, 12 December 2014</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 7:</td>
<td colspan="2" class="diff-lineno">Line 7:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Security Dialog when accessing WPE pages or Zulu==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==Security Dialog when accessing WPE pages or Zulu==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Sometimes there <del class="diffchange diffchange-inline">cahn </del>be permissions issues or misconfigured security settings if FileMaker Server has been deployed multiple times.  Your web server has its own settings which may not be removed when FMS is redeployed or uninstalled.  FileMaker has posted instructions at http://help.filemaker.com/app/answers/detail/a_id/6454/kw/IIS%20Authentication/session/L3RpbWUvMTMwMzgyNzY0MC9zaWQvQjcxTGxzc2s%3D which can help you clear settings from a previous FileMaker Server deployment which can help resolve these issues.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Sometimes there <ins class="diffchange diffchange-inline">can </ins>be permissions issues or misconfigured security settings if FileMaker Server has been deployed multiple times.  Your web server has its own settings which may not be removed when FMS is redeployed or uninstalled.  FileMaker has posted instructions at http://help.filemaker.com/app/answers/detail/a_id/6454/kw/IIS%20Authentication/session/L3RpbWUvMTMwMzgyNzY0MC9zaWQvQjcxTGxzc2s%3D which can help you clear settings from a previous FileMaker Server deployment which can help resolve these issues.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>On IIS you should also make sure that "Integrated windows authentication" is not checked in Default Site -> Properties -> Directory Security -> Edit.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>On IIS you should also make sure that "Integrated windows authentication" is not checked in Default Site -> Properties -> Directory Security -> Edit.</div></td></tr>
</table>Travishttp://docs.360works.com/index.php?title=Security_issues_with_Web_Publishing&diff=17&oldid=prevSarah: Created page with "==General FileMaker plugin security== You should exercise care when using any FileMaker plugin from within the Web Publishing Engine. This is allowing remote users to execute..."2012-07-24T20:38:12Z<p>Created page with "==General FileMaker plugin security== You should exercise care when using any FileMaker plugin from within the Web Publishing Engine. This is allowing remote users to execute..."</p>
<p><b>New page</b></p><div>==General FileMaker plugin security==<br />
<br />
You should exercise care when using any FileMaker plugin from within the Web Publishing Engine. This is allowing remote users to execute code on the server machine, which can potentially be used maliciously if you do not guard against that possibility. For example, let's say that you have a file manipulation plugin installed that can read the contents of a file and display it in a FileMaker field. If you create a web publishing interface that allows the user to enter any path for the file to read, they could read any file on the server's hard drive and view the result of that in the web published database.<br />
<br />
This does not mean that you should never use plugins with the web publishing - just make sure that you access them through scripts, and that the inputs to these scripts cannot be maliciously manipulated by users accessing your site.<br />
<br />
==Security Dialog when accessing WPE pages or Zulu==<br />
<br />
Sometimes there cahn be permissions issues or misconfigured security settings if FileMaker Server has been deployed multiple times. Your web server has its own settings which may not be removed when FMS is redeployed or uninstalled. FileMaker has posted instructions at http://help.filemaker.com/app/answers/detail/a_id/6454/kw/IIS%20Authentication/session/L3RpbWUvMTMwMzgyNzY0MC9zaWQvQjcxTGxzc2s%3D which can help you clear settings from a previous FileMaker Server deployment which can help resolve these issues.<br />
<br />
On IIS you should also make sure that "Integrated windows authentication" is not checked in Default Site -> Properties -> Directory Security -> Edit.</div>Sarah