Looking over the release notes for the latest Server release, I find this little gem:
"Because of a possible security exposure, the XML and PHP web publishing technologies are disabled by default. To enable these technologies, you should have a valid digital certificate installed. If you do not have your own signed certificate or if you are using the standard FileMaker certificate, then do not enable these technologies."
Okay, so that makes some sense. If I'm running secured connections, I probably worry about man-in-the-middle attacks. However, the way the advisory is worded makes me ask: Do all CWP sites now need authorized certificates, or just secured ones? IOW, if I have a site that's not running SSL, what do I need a certificate for?
Inquiring minds and all ...