I think your "Security Consultant" is full of crap and is talking out
of his ass about something he knows nothing about.  If he were doing
his job he would be handing you a checklist of things to be aware of
and help you determine how to handle them.  The specific problem he
pointed out to you is a configuration issue, and doesn't mean the
software's insecure in nature, only that it's misconfigured for
security purposes.

On 10/7/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I heard a challenge from a security consultant that "if you are using
> ColdFusion you do not have a secure server."  He maintains that CF
> is full of things a hacker can access.

This statement is true, but he's misquoted it.  It should actually be
"If you are using soffware you do not have a secure server".  All
software is full of things a hacker can access.  A security
professional's job is to help you develop practices that mitigate that
risk as much as possible.

If you (or anyone else on the list) are interested, I can get you in
touch with a large, well established and respected security firm that
does quite a bit of consulting in the CF world (for substantial
companies) who can help you develop your practices to be secure.

-Cameron

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Discover CFTicket - The leading ColdFusion Help Desk and Trouble 
Ticket application

http://www.houseoffusion.com/banners/view.cfm?bannerid=48

Message: http://www.houseoffusion.com/lists.cfm/link=i:10:5582
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/10
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:10
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.10
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Reply via email to