I think your "Security Consultant" is full of crap and is talking out of his ass about something he knows nothing about. If he were doing his job he would be handing you a checklist of things to be aware of and help you determine how to handle them. The specific problem he pointed out to you is a configuration issue, and doesn't mean the software's insecure in nature, only that it's misconfigured for security purposes.
On 10/7/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > I heard a challenge from a security consultant that "if you are using > ColdFusion you do not have a secure server." He maintains that CF > is full of things a hacker can access. This statement is true, but he's misquoted it. It should actually be "If you are using soffware you do not have a secure server". All software is full of things a hacker can access. A security professional's job is to help you develop practices that mitigate that risk as much as possible. If you (or anyone else on the list) are interested, I can get you in touch with a large, well established and respected security firm that does quite a bit of consulting in the CF world (for substantial companies) who can help you develop your practices to be secure. -Cameron ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:10:5582 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/10 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:10 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.10 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
