Yeah, I've read about this problem with CFPOP somewhere... Spooky!

Anyway, it is more than clear that now CFMX is the choice for hosting
providers.

Thanks!
Alex


> ---------- Original message -----------
> 
> From    : Jochem van Dieten <[EMAIL PROTECTED]>
> To      : CF-Talk <[EMAIL PROTECTED]>
> Cc      : 
> Date    : Sun, 21 Jul 2002 20:00:17 +0200
> Subject : Re: CFHTTP, security hole?
> 
> Alex Hubner wrote:
> > 
> > Pull_action.cfm (on my remote server):
> > _________
> > <CFHTTP METHOD="get" 
> > URL="http://www.source_server.com.br/anyfolder/#url.anyfile#" 
> > PATH="d:\anyfolder" FILE="#url.anyfileToSave#">
> > 
> > Well, as you can see this code "uploads" the 'anyfile' file to the
> > D:\anyfolder in the remote server. As many shared hosts, using basic
> > security, allow CFHTTP operations but disallow CFFILE operations (for
> > security reasons) this can be a security problem since I can replace
> > any file, including those under C:\winnt\system32 and also under
> > other website folders... Can this be considered a security problem? As
> > far as I can see there are a LOT of shared host companies using CF
> > Basic Security (disabling all tags)... CFHTTP cannot be disabled in
> > this scenario. Does Advanced Security solve it?
> 
> cfhttp and cfpop (automatic retrieval of attachments and overwriting of
> existing files) have this problem. In CF 5 this can be resolved using
> Sandboxes if you have Enterprise edition, not using just Advanced Security.
> In CF MX you should be able to resolve this using Sandbox Security as
> well, but I haven't finished testing it so I do not speak from experience.
> http://livedocs.macromedia.com/cfmxdocs/Administering_ColdFusion_MX/Security3.jsp
> 
> Jochem
> 
> 
______________________________________________________________________
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
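An added example, not code from the original post: a variant of the Pull_action.cfm fragment quoted above that confines the CFHTTP write to one fixed directory and accepts only a bare file name for both the remote and the local side, so a caller cannot steer the download into C:\winnt\system32 or another site's folder by passing slashes, a drive letter or ".." in url.anyfile / url.anyfileToSave. The directory D:\anyfolder\incoming\ and the txt/csv/xml extension whitelist are assumptions chosen for the example. Note what this does and does not cover: it protects a site owner whose own script is fed hostile URL parameters; it does nothing against a tenant who writes the CFHTTP call themselves, which is the shared-hosting problem that only the server-side Sandbox Security Jochem refers to can address.

```cfml
<!--- pull_action_safe.cfm: added example, not code from the original post.
      Assumptions: downloads are confined to D:\anyfolder\incoming\ and only
      bare names matching a small extension whitelist are accepted. --->
<cfparam name="url.anyfile" default="">
<cfparam name="url.anyfileToSave" default="">

<!--- Fixed target directory: never built from request data. --->
<cfset allowedDir = "D:\anyfolder\incoming\">

<!--- Strip any directory component, then require a plain name.
      The pattern admits no slash, backslash, colon or "..", so the
      resulting path cannot leave allowedDir. --->
<cfset namePattern = "^[A-Za-z0-9_-]+\.(txt|csv|xml)$">
<cfset remoteName = ListLast(url.anyfile, "/\")>
<cfset localName  = ListLast(url.anyfileToSave, "/\")>

<cfif NOT REFind(namePattern, remoteName) OR NOT REFind(namePattern, localName)>
    <cfthrow type="Application"
             message="Rejected file name: #HTMLEditFormat(url.anyfile)# / #HTMLEditFormat(url.anyfileToSave)#">
</cfif>

<!--- Same fetch as the original, but PATH is constant and FILE is a
      validated bare name, so the write lands inside allowedDir only. --->
<cfhttp method="get"
        url="http://www.source_server.com.br/anyfolder/#remoteName#"
        path="#allowedDir#"
        file="#localName#">
```

ListLast with "/\" as the delimiter set discards everything before the last separator, and the regex then rejects any remainder that is empty or still contains characters outside the whitelist, so a request such as anyfileToSave=..\..\winnt\system32\x.txt is reduced to x.txt and written under the fixed directory, while anyfileToSave=..%5Cboot.ini fails the extension check and is thrown out before CFHTTP runs.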