Nicole,
If you don't consider cffile to be a security concern, then cfexecute it
probably in the same risk ball park, although potentially more harmful, both
can do some damage.
_______________________________________________
Pete Freitag
CFDEV.COM
Cold Fusion Developer Resources
http://www.cfdev.com/
-----Original Message-----
From: Nicole R. Lane [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 03, 2000 6:41 PM
To: [EMAIL PROTECTED]
Subject: Executing DOS command & Security
Hello:
I need to execute a DOS command from within ColdFusion. After looking
over the archives, it seems like I have 3 possible solutions:
CFEXECUTE (if I upgrade to 4.5),
CFX_ShellExec, and
CFX_ConsoleCommand
Can someone enlighten me as to the security risks involved with each and
the pros vs cons? Would it be possible for someone to malicously
execute a "FORMAT" of the server hard drive using any of the above
options?
Thanks,
Nicole
----------------------------------------------------------------------------
--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
