Jesus -- I actually am the webmaster of this site -- you lot going round scaring me i dunno... and as Russ says there only be select permissions on the public role so please no trying to monkey around, cos I'll cry.

If anyone wants syndicated content i.e. up-to-date LEA info please use feedback on the site to request it and I'm sure we'll look at it in time.

d ;0)

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 03, 2003 11:08 AM
Subject: RE: [ cf-dev ] Kinda Hacking but ...

> & in the url is fine, otherwise url parameters would never work, but & in
> the filename is not fine. e.g. fish&chips.cfm is not going to work. this
> can be a problem where you're letting users upload files that might have
> invalid characters, but otherwise works pretty well.
>
> it's fully customisable though as to what you want to allow and deny, but
> the default settings seem pretty good. it also logs everything that gets
> rejected, so you can see any attempted hacks, or things that have been
> rejected that should have been ok.
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/urlscan.asp
>
> Duncan Cumming
> IT Manager
>
> http://www.alienationdesign.co.uk
> mailto:[EMAIL PROTECTED]
> Tel: 0141 575 9700
> Fax: 0141 575 9600
>
> Creative solutions in a technical world
>
> ----------------------------------------------------------------------
> Get your domain names online from:
> http://www.alienationdomains.co.uk
> Reseller options available!
> ----------------------------------------------------------------------
>
> "Kola Oyedeji" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: RE: [ cf-dev ] Kinda Hacking but ...
> 03/04/2003 11:03
> Please respond to dev
>
> I'm assuming that you can tell it what to filter out. Isn't ";" used as
> part of a J2EE session identifier on the url? And surely it doesn't
> reject ampersands in the url?
>
> Kola
>
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED]
> >> Sent: 03 April 2003 10:09
> >> To: [EMAIL PROTECTED]
> >> Subject: RE: [ cf-dev ] Kinda Hacking but ...
> >>
> >> works with IIS as part of the IISLockDown tool, although I think it can
> >> also be installed on its own. checks no invalid stuff is going into the
> >> url, e.g.
> >>
> >> ; drop table admin
> >>
> >> would get rejected. can't remember it all, but it's things like ;.&*
> >> etc.
> >> It keeps logfiles, you'd be surprised the amount of attempted url hacks
> >> for C:\cmd.exe etc.
> >>
> >> should be installed as a basic security measure on any NT/2000 server
> >> imho.
> >>
> >> Duncan Cumming
> >> IT Manager
> >>
> >> "Kola Oyedeji" <[EMAIL PROTECTED]>
> >> To: <[EMAIL PROTECTED]>
> >> Subject: RE: [ cf-dev ] Kinda Hacking but ...
> >> 03/04/2003 10:05
> >> Please respond to dev
> >>
> >> While we're on the subject, what exactly does urlscan do? We don't use
> >> it here, we generally rely on using cfqueryparam and restricting DSNs.
> >> I'm wondering if we should be using it.
> >>
> >> Thanks
> >>
> >> Kola
> >>
> >> >> -----Original Message-----
> >> >> From: Snake.Lists [mailto:[EMAIL PROTECTED]
> >> >> Sent: 02 April 2003 18:24
> >> >> To: [EMAIL PROTECTED]
> >> >> Subject: RE: [ cf-dev ] Kinda Hacking but ...
> >> >>
> >> >> I put a stop to things like a while ago. It did used to be possible
> >> >> tho.
> >> >>
> >> >> Russ
> >> >>
> >> >> -----Original Message-----
> >> >> From: [EMAIL PROTECTED]
> >> >> [mailto:[EMAIL PROTECTED]
> >> >> Sent: 02 April 2003 17:16
> >> >> To: [EMAIL PROTECTED]
> >> >> Subject: RE: [ cf-dev ] Kinda Hacking but ...
> >> >>
> >> >> or how about updating some details, maybe insert a nice new LEA,
> >> >> delete those we don't like.
> >> >>
> >> >> Duncan Cumming
> >> >> IT Manager
> >> >>
> >> >> Adrian Lynch <[EMAIL PROTECTED]>
> >> >> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> >> >> Subject: RE: [ cf-dev ] Kinda Hacking but ...
> >> >> 02/04/2003 17:16
> >> >> Please respond to dev
> >> >>
> >> >> Here's hoping it only has SELECT permissions!
> >> >>
> >> >> -----Original Message-----
> >> >> From: [EMAIL PROTECTED]
> >> >> [mailto:[EMAIL PROTECTED]
> >> >> Sent: 02 April 2003 17:12
> >> >> To: [EMAIL PROTECTED]
> >> >> Subject: Re: [ cf-dev ] Kinda Hacking but ...
> >> >>
> >> >> well, next step is for some bright spark to stick a "; drop table
> >> >> ContentLEAdetails" on there.
> >> >>
> >> >> Duncan Cumming
> >> >> IT Manager
> >> >>
> >> >> Dave Phipps <[EMAIL PROTECTED]>
> >> >> To: <[EMAIL PROTECTED]>
> >> >> Subject: Re: [ cf-dev ] Kinda Hacking but ...
> >> >> 02/04/2003 16:51
> >> >> Please respond to dev
> >> >>
> >> >> I managed to get this to produce more than one record:
> >> >>
> >> >> http://www.dfes.gov.uk/leagateway/index.cfm?action=address.list&name=15%20OR%20id=2
> >> >>
> >> >> HTH
> >> >>
> >> >> Dave
> >> >>
> >> >> At 11:36 4/2/2003 +0100, you wrote:
> >> >> >You obviously don't work in Education .... :)
> >> >> >
> >> >> >"Stephen Moretti" <[EMAIL PROTECTED]> on 02/04/2003 11:32:58
> >> >> >
> >> >> >Please respond to [EMAIL PROTECTED]
> >> >> >
> >> >> >To: [EMAIL PROTECTED]
> >> >> >cc: (bcc: Paul Swingewood/Education/BCC)
> >> >> >Subject: Re: [ cf-dev ] Kinda Hacking but ...
> >> >> >
> >> >> >Paul,
> >> >> >
> >> >> > > This may be kinda hacking but I wonder if anyone can help me out
> >> >> > > on this one ....
> >> >> > >
> >> >> > > I need a list of all the DfES LEA's in the country. (Local
> >> >> > > Education Authority)
> >> >> > >
> >> >> > > The DFES website allows you to show them all in a-z format and
> >> >> > > then click on each to get the details. Is there a fast way that I
> >> >> > > can send a query or force their code to show them all in one go
> >> >> > > (Select * from) .
> >> >> >
> >> >> >How about asking the DfES??
> >> >> >
> >> >> >Stephen
> >> >> >
> >> >> >--
> >> >> >** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
> >> >> >
> >> >> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> >> >For additional commands, e-mail: [EMAIL PROTECTED]
> >> >> >For human help, e-mail: [EMAIL PROTECTED]
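The thread turns on two controls: Kola's habit of binding URL values with cfqueryparam, and Duncan's URLScan, which rejects requests on the characters they contain and logs what it rejected. The following is an added illustration, not code from the thread, the cf-dev list or the DfES site, and it uses Python's sqlite3 rather than ColdFusion so that it runs stand-alone. The table rows, the host name `lea.example` and the two deny lists are constructed for the example; the deny lists only mimic the behaviour Duncan describes (reject `;`, allow `&` in the query string but not in a file name) and are not URLScan's real configuration.

```python
import sqlite3
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample rows standing in for the site's LEA table.
SAMPLE_ROWS = [(1, "Aberdeen"), (2, "Birmingham"), (15, "Camden")]


def make_db():
    """Build an in-memory SQLite table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lea (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO lea VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def name_param(url):
    """Return the decoded 'name' query parameter, as the CFML page would see it."""
    return parse_qs(urlsplit(url).query)["name"][0]


def lookup_concat(conn, name):
    """Vulnerable lookup: the parameter is spliced into the SQL text, so a
    value such as '15 OR id=2' rewrites the WHERE clause instead of being
    compared as a single value."""
    sql = f"SELECT id, name FROM lea WHERE id = {name} ORDER BY id"
    return conn.execute(sql).fetchall()


def lookup_bound(conn, name):
    """Safe lookup: the parameter is bound by the driver (the same thing
    cfqueryparam does in CFML), so the whole string is compared as one value
    and a non-numeric value simply matches nothing."""
    sql = "SELECT id, name FROM lea WHERE id = ? ORDER BY id"
    return conn.execute(sql, (name,)).fetchall()


# Constructed deny lists in the spirit of what the thread says URLScan does by
# default. These are an illustration of the idea, not URLScan's real rules.
DENY_IN_PATH = set(";&*")   # e.g. fish&chips.cfm is rejected
DENY_IN_QUERY = set(";")    # '&' must stay legal here or parameters break


def urlscan_like(url, log):
    """Accept or reject a request URL on its characters alone. Rejections are
    appended to `log`, mirroring the log file the thread says URLScan keeps."""
    parts = urlsplit(url)
    path, query = unquote(parts.path), unquote(parts.query)
    bad = {c for c in path if c in DENY_IN_PATH} | {c for c in query if c in DENY_IN_QUERY}
    if bad:
        log.append(f"rejected {parts.path}?{parts.query} chars={''.join(sorted(bad))}")
        return False
    return True


if __name__ == "__main__":
    conn = make_db()
    # Constructed URL carrying the same shape of value the thread reports.
    url = "http://lea.example/index.cfm?action=address.list&name=15%20OR%20id=2"
    value = name_param(url)
    log = []
    print("character filter accepts it:", urlscan_like(url, log))
    print("concatenated query returns: ", lookup_concat(conn, value))
    print("bound query returns:        ", lookup_bound(conn, value))
```

The point worth noticing is that the sample value contains no `;`, so a character filter of this kind lets it straight through, yet the concatenated query still returns two rows where one was intended; only the bound query treats the value as data. That is why cfqueryparam (or any bound parameter) is the control that actually closes the hole, with URLScan's filtering and logging a useful second layer for catching noise like the `C:\cmd.exe` probes Duncan mentions, and why the public role having SELECT only, as Russ and the webmaster say, limits the damage if something does slip through.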