On Friday 12 October 2001 02:18 pm, you wrote:
> > I just wanted to tell you to watch out for the other tags as
> > well. Just as an example: cfregistry. As much as I found it
> > hard to believe when I was first shown it, there is a 'cfadmin'
> > cfregistry 'hack-script' that will output the decoded admin
> > password from the 'registry' to the browser. I thought for
> > sure that that was only for the Windows fools <VBG - j/k> but
> > alas, no - Linux has that 'prob' as well.  See what happens
> > when you 'borrow' winders stuff (registry) - you get winders
> > 'problems' ;P...
>
> For what it's worth, this doesn't have anything to do with the registry
> itself, or Windows, but rather just that CF has hard-coded keys used for
> encryption and decryption, built into the server itself. That's why there's
> a publicly available utility for decrypting CF files - the encryption that
> Allaire provides just isn't that good, and the keys used can't ever be
> changed.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496


Hrm.  I was referring more to the fact that a 'registry' was used in Linux as 
well.  And that there is a script floating around that someone with shared 
access can upload, and then run, and output the cfserver's admin password to 
the browser...  I didn't mean that cfregistry was bad, or that Windows was 
bad (tho I prob. thought that one <g>), but that since there is no Adv. Sec. 
for CFLinux, to not allow this tag to be available if you're gonna share 
CFLinux Hosting...

Geo
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/
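
One way a shared host could audit uploaded templates for the tag discussed in this thread, as an added example that is not part of either poster's message. The names `RESTRICTED_TAGS`, `find_restricted_tags` and `scan_tree` are hypothetical, the sample template is constructed, and only `cfregistry` is listed because it is the only tag the thread names.

```python
import os
import re

# Tags to flag. Only cfregistry is named in the thread; extend per host policy.
RESTRICTED_TAGS = ("cfregistry",)

def strip_cfml_comments(text):
    """Blank out <!--- ... ---> comments (they nest in CFML), keeping newlines
    so reported line numbers still match the file."""
    out, depth, i = [], 0, 0
    while i < len(text):
        if text.startswith("<!---", i):
            depth += 1
            i += 5
        elif depth and text.startswith("--->", i):
            depth -= 1
            i += 4
        else:
            ch = text[i]
            out.append(ch if depth == 0 or ch == "\n" else " ")
            i += 1
    return "".join(out)

def find_restricted_tags(text, tags=RESTRICTED_TAGS):
    """Return (line_number, tag) for each restricted tag outside comments."""
    pattern = re.compile(r"<(%s)\b" % "|".join(map(re.escape, tags)), re.IGNORECASE)
    clean = strip_cfml_comments(text)
    return [(clean.count("\n", 0, m.start()) + 1, m.group(1).lower())
            for m in pattern.finditer(clean)]

def scan_tree(root, exts=(".cfm", ".cfml")):
    """Walk a web root and map each template path to its restricted-tag hits."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as fh:  # latin-1 never fails to decode
                    found = find_restricted_tags(fh.read())
                if found:
                    hits[path] = found
    return hits

# Constructed sample template: one live tag, two commented-out ones.
SAMPLE = """<cfoutput>#Now()#</cfoutput>
<!--- disabled: <CFREGISTRY ACTION="Get" ...> --->
<CFRegistry ACTION="GetAll" BRANCH="constructed" NAME="q">
<!--- outer <!--- inner ---> <cfregistry action="get"> still commented --->
"""

if __name__ == "__main__":
    print(find_restricted_tags(SAMPLE))
```

A scan like this only reports what is in the files it reads; it is an audit aid for a host without tag restrictions, not a substitute for them.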