Lasso security hole discovered - and patched

Red Rock Software (as noted in a press release) "discovered and reported a major security hole in Blue World's Lasso CGI technology allowing unwanted access to sensitive, non-published data stored in FileMaker Pro databases. Red Rock Software fully cooperated with Blue World to identify the extent of the problem and Blue World has announced an immediate patch which reportedly fixes the problem. The security problem exposes nearly any Lasso-powered database to viewing, and potentially, editing, via Java-based applications developed with Symantec's Visual Cafe Database Developer's Edition, even if there is no browser-based interface to that database. Red Rock's own FileMaker and Java-based time tracking and project managing application, TRAQtix, does not currently use Lasso technology and is not affected by this security problem."

Blue World also has a security alert page on this matter. The patch for Lasso is on yet another Web page. "All Lasso 2.x customers are advised to install the patch immediately, regardless of whether or not they have deployed Java-enabled databases."