Thanks for the compliment. We pride ourselves in excellent hosting with excellent customer service!
Jochem, I am sure that will work. You would of course need to know the name of the file but if you could do that with CFHTTP you could probably do it with CFDIRECTORY to find the file... Neil ----- Original Message ----- From: "Alex Hubner" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Sunday, July 21, 2002 8:45 PM Subject: Re: CFHTTP, security hole? > I deeply agree but, as we know, not everything is perfect... I saw > people running Professional versions with basic security (disabling > all tags) and offering it as a shared ColdFusion hosting > solution...!! ColdFusion is relative "new" here in Brazil. We're more > inclined to ASP/PHP and even Perl than ColdFusion... I can say that > CF is only 5-10% of the server-side market here. This porcentage is > increasing significantly now... But you still see poor server > administrators (a lot, in other words). > > Just an example: > > http://www.localweb.com.br/opcoes/coldfusion.asp > > One of the biggest share hosting providers here (with more than a > 100k hosting accounts). > > It states: the following tags are not available... (which means they > use basic security - i've tested myself)... They are actually good > and secure with ASP and stuff, but I can't say the same with CF... > > By the way: HostMySite is a great place! I'm using CFMX hosting from > you and it's very good! > > []'s > Alex > > > > ---------- Mensagem original ----------- > > > > De : "Neil H." <[EMAIL PROTECTED]> > > Para : CF-Talk <[EMAIL PROTECTED]> > > Cc : > > Data : Sun, 21 Jul 2002 20:06:49 -0400 > > Assunto : Re: CFHTTP, security hole? > > > > Anyone not running advanced security on CFMX in a hosting environmen > t isn't > > bright. They couldn't have made it any easer. At www.HostMySite.co > m we run > > advanced and it works very well. > > > > Neil > > ----- Original Message ----- > > From: "Alex Hubner" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Sunday, July 21, 2002 4:13 PM > > Subject: Re: CFHTTP, security hole? > > > > > > > Yea, I've read about this problem with CFPOP somewhere... Spooky! > > > > > > Anyway, is more than clear that now CFMX is the choice for hosting > > > providers. > > > > > > Thanks! > > > Alex > > > > > > > > > > ---------- Mensagem original ----------- > > > > > > > > De : Jochem van Dieten <[EMAIL PROTECTED]> > > > > Para : CF-Talk <[EMAIL PROTECTED]> > > > > Cc : > > > > Data : Sun, 21 Jul 2002 20:00:17 +0200 > > > > Assunto : Re: CFHTTP, security hole? > > > > > > > > Alex Hubner wrote: > > > > > > > > > > Pull_action.cfm (on my remote server): > > > > > _________ > > > > > <CFHTTP METHOD="get" > > > > > URL="http://www.source_server.com.br/anyfolder/#url.anyfile#"; > > > > > PATH="d:\anyfolder" FILE="#url.anyfileToSave#"> > > > > > > > > > > Well, as you can see this code "uploads" the 'anyfile' file to > the > > > > > > > > D:\anyfolder in the remote server. As many shared hosts, using > bas > > > ic > > > > > security, allow CFHTTP operations but disallow CFFILE operatio > ns ( > > > for > > > > > security reasons) this can be a security problem since I can r > epla > > > ce > > > > > any file, including those under C:\winnt\system32 and also und > er > > > > > other website folder... This can be considered a security prob > lem? > > > As > > > > > far as I can see there's a LOT of shared hosts companies using > CF > > > > > Basic Security (disabling all tags)... CFHTTP cannot be disabl > ed i > > > n > > > > > this scenario. Advanced Security solves it? > > > > > > > > cfhttp and cfpop (automatic retrieval of attachments and overwri > ting > > > of > > > > existing files) have this problem. In CF 5 this can be resolved > usin > > > g > > > > Sandboxes if you have Enterprise edition, not using just Advance > d Se > > > curity. > > > > In CF MX you should be able to resolve this using Sandbox Securi > ty a > > > s > > > > well, but I haven't finished testing it so I do not speak from e > xper > > > ience. > > > > http://livedocs.macromedia.com/cfmxdocs/Administering_ColdFusion > _MX/ > > > Security3.jsp > > > > > > > > Jochem > > > > > > > > > > > > > > ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
