Answers embedded below:
----- Original Message -----
From: MATTHEW EHRENS <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 01, 2000 3:57 PM
Subject: Re: [Re: AOL uses CF! - being resolved]
CF-TALK:
Thanks to Chris Porter for getting in touch with me about the issue. I'm the
webmaster of the AOL Webmaster Info site. Since I just joined this list at
Chris' suggestion, I missed the discussion earlier... I have been working
(slowly) on a similar article for the site to cover these types of security
issues.
I've double checked the database permissions allowed to the web user, and they
should not be able to do anything but SELECT from the tables.
Since I missed the discussion earlier, was there a documented case (or URL)
that you guys thought would compromise the system?? Is there an archive of
this list posted anywhere?
========================================
http://www.houseoffusion.com/hof/openaccess.htm
Archives: http://www.eGroups.com/list/cf-talk
========================================
Regards,
Howie Hamlin
--
inFusion Project Manager; On-Line Data Solutions, Inc. (631)737-4668
Thanks for all your help in resolving this.
Matt Ehrens
----- Original Message -----
From: "Chris Porter" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 01, 2000 11:57 AM
Subject: Re: AOL uses CF! - being resolved
> FYI to resolve the issue, i just talked with the webmaster & it's being
> taken care of as we speak.. thanx to all for the help.
>
> p.s. my personal opinion is, let a wide audience know & one is likely to
> know the person who should take care of it.. (6 degrees of separation & all
> that.. www.6degrees.com)
>
> :)
> -chris
>
>
> At 04:48 PM 4/30/00 -0400, you wrote:
> >I found a section of AOL.COM that is driven by CF. This section is linked
> >from almost every page on AOL.COM ("webmaster info", on the bottom
> >navigation).
> >
> >Interesting because AOL = Netscape = Livewire = CF competition
> >
> >http://webmaster.info.aol.com
> >
> >PS- This section suffers from the SQL Server exposed URL parameter hack
> >problem. Now none of you kids go dropping any tables, you hear me?
> >
> >:)
> >
>
>---------------------------------------------------------------------------
> ---
> >Archives: http://www.eGroups.com/list/cf-talk
> >To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.