[NPL] [Alert] Lasso Java Security Issue

[NPL] [Alert] Lasso Java Security Issue

IMPORTANT SECURITY ALERT

Attention All Lasso Customers,

September 4, 1998

A security hole was discovered and reported to Blue World Communications,
Inc. this afternoon. The security hole exposes a security problem which
allows any Lasso 2.x served database information to be available as "read
only" via Java-based communication. A Lasso customer was able to view
fields and data not intended for viewing in a Lasso-powered FileMaker
database using Symantec's Visual Cafe for Java Database Edition.

Immediately upon receipt of the report, Blue World engineers confirmed the
problem and began working on a fix. Available within hours of the report, a
security patch is now available at
http://www.blueworld.com/blueworld/download/.

All Lasso 2.x customers are advised to install the patch immediately,
regardless of whether or not they have deployed Java-enabled databases.

Lasso 2.5.1 customers are advised to install the patch and optionally
install the new Java Enabler module for more secure Java-based
communication. Lasso 2.5.1 customers are also advised to check their Lasso
security database settings to ensure that fields not meant to be viewed via
the Web are set with the "Dont Show" privilege. The security patch updates
Lasso 2.5.1 to Lasso 2.5.1a.

Lasso 2.0.3 customers are advised to install the security patch which
disables Java communication or upgrade to Lasso 2.5.1 and install the above
mentioned Lasso 2.5.1a patch for more secure Java communication. The
security patch updates Lasso 2.0.3 to Lasso 2.0.3a.

The security hole allowed only data to be viewed and not edited. To protect
Lasso-powered sites while they are updated with the security patch,
specific details regarding the routines used to view fields not intended
for viewing are not available. Information regarding potential security
issues with other products based on Lasso technology--including the recent
Beta Release 1 of the Lasso 3 product line--is also not available at this
time.

Symantec has been notified of the Lasso security issue and is in the
process of notifying Symantec Visual Cafe for Java Database Edition
registered customers.

Blue World would like to publicly acknowledge and thank Mike Stahulak and
Dave Johnson of Red Rock Software, Inc. for discovering and reporting the
problem.

Sincerely,

Bill Doerrfeld
President & CEO
Blue World Communications, Inc.

 
AAPL
$282.52
Apple Inc.
-1.23
MSFT
$24.38
Microsoft Corpora
-0.11
GOOG
$525.62
Google Inc.
-0.17
MacTech Search:
Community Search:
See All

Introducing the App Hall of Fame!
App discoverability continues to be a real issue. With the fast churn of apps in the App Store, an app has only a few weeks of promotional life in it before it‚Äôs largely forgotten. There are a few things developers can do to fix that, but those... | Read more »
Gobliiins Are Coming
In the midst of the huge Q4 launch schedule, the cult classic, Gobliiins, as well as the rest of the trilogy, are being ported to the iPhone in all of their original glory. The Goblins trilogy was a quirky Atari/Amiga game series from the early 90‚Äôs... | Read more »
myPhoneDesktop – Chrome to iPhone Extens...
Anyone who has used myPhoneDesktop knows that it is a fantastic tool for streamlining your onscreen workflow. Instead of having to type line after line into your phone directly, you can use myPhoneDesktop to type from your computer directly into... | Read more »
Classes Review
Developer: Dustlab Price: $0.99 Version Reviewed: 2.4.7 iPhone Integration Rating: 3 out of 5 stars User Interface Rating: 4 out of 5 stars Re-use / Replay Value Rating: 3 out of 5 stars Overall Rating: 3.33 out of 5 stars | Read more »
AutoVerbal Talking Soundboard Pro helps...
Being able to speak and communicate with others is something that many of us take for granted. It‚Äôs not so easy for many folks though, in particular for individuals with autism spectrum disorders, as well as those who have suffered various brain... | Read more »
Pocketbooth Review
Developer: Project Box Price: $0.99 Version Reviewed: 1.0 iPhone Integration Rating: 4 out of 5 stars User Interface Rating: 4 out of 5 stars Re-use / Replay Value Rating: 4.5 out of 5 stars Overall Rating: 4.17 out of 5 stars | Read more »
Get Your Roast Right With ‘Time To Roast...
Roasting meat, in the cooking world, is about as simple as it gets. The greatest roast recipe I‚Äôve ever found is from Michael Ruhlman‚Äôs website, with the recipe titled, ‚ÄúThe World‚Äôs Most Difficult Roasted Chicken Recipe.‚Äù | Read more »
See All

  • Generate a short URL for this page:



All contents are Copyright 1984-2010 by Xplain Corporation. All rights reserved. Theme designed by Icreon.
Greetings, and welcome to the new MacTech web site! Our home page is designed to be your Industry Dashboard -- so you can have a snapshot of all that's relevant in the industry in one easy location. Many readers tell us that because the information is updated so frequently, they are now checking the site multiple times a day. Here's a quick run down of the features on the new web site, which can be subtle. We truly hope you register so that we can keep you up to date about new features as they are implemented. And, please use the BETA button in the top right to provide us any feedback, suggestions or bugs. We love to hear from you.