Wally, If that's the kind of advice you're getting, get a different "security consultant". IP addresses are not security risks.
It's true that many hackers are moving from network and OS level attacks to application level attacks, but that doesn't make CF any less secure than other application level product (think ASP, PHP etc). James Downes [EMAIL PROTECTED] wrote: >I heard a challenge from a security consultant that "if you are using >ColdFusion you do not have a secure server." He maintains that CF is full of >things a hacker can access. For example he gave the following example. If >you attempt to open a CF website with the following command it will generate >an error message that gives you the IP address of the CF server: > >sitename.org/*.cfm > >I tried this on a wide variety of sites and found that most CF sites return >the error with the IP address. Some, however appear to trap this error >somehow. > >What should be done on a CF server to prevent that type of error exposing the >IP address of a CF server? > >This error is occuring prior to the execution of an application.cfm file in >the host root directory so you cannot programatically trap it. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Flash for programmers - Flash MX Pro http://www.houseoffusion.com/banners/view.cfm?bannerid=56 Message: http://www.houseoffusion.com/lists.cfm/link=i:10:5568 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/10 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:10 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.10 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
