Me: "I see Dave Watts is out of outsized tropical nuts." Sysadmin: "Give the man a coconut!"
;) cheers Dave. > -----Original Message----- > From: Dave Watts [mailto:[EMAIL PROTECTED]] > Sent: 22 April 2002 17:03 > To: CF-Server > Subject: RE: SecurityFocus: KPMG-2002013: Coldfusion Path Disclosure > > > > we're locking down our servers at the moment and discovered > > something strange.... > > > > on our CF4.5.1 sp2 servers, we applied the 'check file > > exists' and everything was fine and locked down > > > > However, when we tried out CF5 servers, applying the > > workaround destroyed our ability to use the RDS service > > from CF studio to browse/edit etc that server. > > > > When we removed the workaround, access was restored.... > > > > anyone had anything similar? > > Yes, this is a known issue. You can fix it by putting the RDS > files in the > right location - they're not put where they should be by CF > 5. This keeps > any web server which checks for the file's existence from allowing RDS > requests: > > http://www.cfbughunt.org/index.cfm?fuseaction=view_bug&BugID=9 > 94&Row=80 > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > voice: (202) 797-5496 > fax: (202) 797-5444 > > ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
