I agree that the security risk is the hacker knowing what software (in this case, ColdFusion, and version) is being used on the server in question. It does not matter if you see the IP address.
regards,
AAddleman

On Oct 7, 2005, at 7:25 AM, James Downes wrote:

> No, an IP address is an address.
>
> It tells you where something is and how to get there.
>
> When you get there you can try and attack whatever responds to that address. That could be a firewall, a load balancer or a server.
>
> Any security risk is in the responder, not in the address. Knowing the address lets you get there, but isn't in its own right a risk. If your server is connected to the web, it has an IP address. If you have a server that is running CF that shouldn't be visible to the net, then secure it behind a firewall so that its IP address is hidden (and the responder on the end of the address can't be seen).
>
> If my house gets burgled, it's not because it has an address, it's because I didn't lock the door, secure the windows etc.
>
> James
>
> Robertson-Ravo, Neil (RX) wrote:
>
>> Again, nonsense.....an IP may be a simple load balancer/firewall (possibly hardware box not server).
>>
>> -----Original Message-----
>> From: James Downes [mailto:[EMAIL PROTECTED]
>> Sent: 07 October 2005 14:50
>> To: CF-Server
>> Subject: Re: ColdFusion Security Holes - Best Practices
>>
>> No they are not, the servers that sit on the end of them are.
>>
>> Thomas Chiverton wrote:
>>
>>> On Friday 07 October 2005 14:18, James Downes wrote:
>>>
>>>> If that's the kind of advice you're getting, get a different
