And this is from the horse's mouth, so to speak:
FileMaker products and the Heartbleed bug (on FileMaker's website)
"FileMaker Pro 13 and FileMaker Pro 13 Advanced are vulnerable only when using the following features and connecting to a non-FileMaker server via a SSL connection which may have been otherwise compromised: Insert from URL; Send Mail via an SMTP Server; Import XML from a remote server."
For what it's worth, none of the client databases that we have hosted at Point in Space are, at this time, using any of those features.
Quick followup to previous post about the Heartbleed vulnerability in OpenSSL.
First, the original release of FileMaker Server 13.0 was potentially vulnerable. FileMaker Inc has released FileMaker Server 13.0v1, which fixes the problem. If you're running FileMaker Server, you should get this update immediately, especially if your server is open to remote connections.
The premium hosting service that we recommend to all our clients is Point in Space. They've been running FileMaker Server 13, but their servers — and thus their clients' databases — were not affected by Heartbleed, because Point in Space's servers use stock installations of Mac OS X or OS X Server, and these operating systems use a build of OpenSSL that does not have the Heartbleed bug. So, a little good news there.
Are you thinking that the two previous paragraphs seem irreconcilable? They're not. In order for your database server setup to be at risk of leaking sensitive info because of the Heartbleed bug, at least two conditions have to be met:
Standard builds of Mac OS X and Mac OS X Server aren't affected by Heartbleed not because OS X is so intrinsically wonderful, but because those versions of the Mac OS don't install the vulnerable build of OpenSSL. On the other hand, it's possible to install the buggy build of OpenSSL even in Mac OS X via MacPorts or Homebrew.
One last point for ordinary users. Don't misunderstand this news about Mac OS X and X Server: it means that machines running standard installations of Mac OS X and acting as https servers aren't going to "leak" info to incoming connections due to Heartbleed. But Heartbleed is a bug that affects servers. If your computer is one of the 99% of the world's computers that's just an ordinary workstation, Heartbleed isn't an issue for your machine regardless of the operating system it's running. Heartbleed still might be an issue for the servers used by your bank or your online merchant accounts, etc. The fact that your home is a fortress says nothing about the security of the money you have in the vault at your local bank.