FP Web

[Jose Lerebours]

Is the security concern with filePro back-end or the application written 
using said tool?

Today, one can write a SPA and no even reveal the tool being used.  
Given that filePro has such a small market, I do not think hackers with 
malice are already working out a way to blow it up. I know of a well 
known filePro tailored product that was written by a Genius and security 
never crossed his mind and yet, nothing but praise ...

Per injections, well, that has nothing to do with the back-end binaries 
but with the way the programmer writes his/her code.  Of course, if 
fileProWeb does not provide means to sanitize data, we then have a 
totally different subject.

Again, while we speculate about the product, we reveal how little we 
know about it (nothing).  I love the idea of fpTech embracing the web 
and I wish they are successful in this endeavor.  Late perhaps, but they 
just may turn this into the next filePro 16 of the era - a simple RAD 
that anyone can learn and grow to love for the next 40 years.

I know one thing, if fileProWeb delivers, OneGate, fpWeb and the likes 
of me that write mostly WWW based application are gonna feel it - In 
truth, I have not done much filePro development for awhile but if 
fileProWeb can bring my existing application to life with no or minimal 
code re-writing, I just may invest some $$$ (or burn it as I have a 
couple of times).

Notice that I have not even been involved with this list for a couple of 
years but this interests me enough to pay attention and read/write a few 
comments (or books like this one).

Regards,


On 7/7/19 4:56 PM, Fairlight via Filepro-list wrote:
> Excellent point, Richard!
>
> One of the nice thing about OneGate is that it was designed by one of
> those, from the ground up, and does most of the heavy lifting and shielding
> for you.
>
> Based on the history of fpcgi vulnerabilities (and that of filePro itself,
> before the makedir back door was eventually closed), I can't say I'd
> necessarily take the fP Tech's new product's security at face value without
> an evaluation.  All trust -I- might have personally granted is out the
> window entirely on that front, having witnessed the previous debacles.
>
> Is anyone with a background in security going to the unveiling to even give
> this thing a third-party once-over?  :)
>
> mark->
>
>
>
> On Sun, Jul 07, 2019 at 06:51:00PM +0000, Richard Kreiss via Filepro-list thus spoke:
>> Keep in mind that when web enabling filePro, security become a major issue.
>>
>> Review all the areas where an intrusion could occur. If this is beyond your expertise, higher a cyber security professional.
>>
>> Richard
>> Sent from my iPhone
>> _______________________________________________
>> Filepro-list mailing list
>> Filepro-list at lists.celestial.com
>> Subscribe/Unsubscribe/Subscription Changes
>> http://mailman.celestial.com/mailman/listinfo/filepro-list
>>