On Friday 12 October 2001 02:18 pm, you wrote:
> > I just wanted to tell you to watch out for the other tags as
> > well. Just as an example: cfregistry. As much as I found it
> > hard to believe when I was first shown it, there is a 'cfadmin'
> > cfregistry 'hack-script' that will output the decoded admin
> > password from the 'registry' to the browser. I thought for
> > sure that that was only for the windows fools <VBG - j/k> but
> > alas, no - linux has that 'prob' as well. See what happens
> > when you 'borrow' winders stuff (registry) - you get winders
> > 'problems' ;P...
>
> For what it's worth, this doesn't have anything to do with the registry
> itself, or Windows, but rather just that CF has hard-coded keys used for
> encryption and decryption, built into the server itself. That's why there's
> a publicly available utility for decrypting CF files - the encryption that
> Allaire provides just isn't that good, and the keys used can't ever be
> changed.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496

Hrm. I was referring more to the fact that a 'registry' was used in Linux as well. And that there is a script floating around that someone with shared access can upload, and then run, and output the cfserver's admin password to the browser...

I didn't mean that cfregistry was bad, or that windows was bad (tho I prob. thought that one <g>), but that since there is no Adv. Sec. for CFLinux, to not allow this tag to be available if you're gonna share CFLinux Hosting...

Geo
