> I can't help with the problem you mentioned, but I WOULD
> point out that - at least when I was working with Perl -
> putting executables into a public-accessible CGI directory
> was regarded as a really, really good way to let people execute
> arbitrary code on your system.
>
> In other words, a big fat security hole.
>
> I don't know if this is a no-no with CF, given that I have no
> experience with CF on a non-NT environment; but I'd keep it in mind,
> unless you're absolutely sure that's the right thing to do.

This is how CF used to work, prior to version 2.0. It conceivably might have
been a security hole, but that's the way Allaire instructed setting it up.
There's not a lot that the CFML.EXE application does in any case; it's a
stub that sends the HTTP request to the CF Application Server, which
actually does all the work.

Nowadays, practically no one uses the CGI stub anymore, and rather than
worrying too much about security, I'd worry about the awful performance that
you'd get from using the CGI stub. Website, like IIS, Netscape and Apache,
supports the use of in-process modules.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
