RE: Bad cfml.exe ???

Jacob Fri, 23 Jun 2000 08:31:13 -0700
I agree.  But since this site was set up about 4-5 years ago, this is the 
way it has been.

This is not a big concern now since I can still use the cfml.exe 
from  4.0.0.  Since 4.0.1 is a small upgrade to 4.0.0, I am not going to 
lose very many feature with the new cfml.exe.  We are talking about 
changing this problem, but it may be a while until it is finished.  We have 
about 200,000 html pages to go through.

The new stuff we implement does not use the cgi directory.

Jacob

At 10:12 AM 6/23/00 -0400, you wrote:
> > I can't help with the problem you mentioned, but I WOULD
> > point out that - at least when I was working with Perl -
> > putting executables into a public-accessable CGI directory
> > was regarded a really, really good way to let people execute
> > arbitrary code on your system.
> >
> > In other words, a big fat security hole.
> >
> > I don't know if this is a no-no with CF, given that I have no
> > experience with CF on a non-NT environment; but I'd keep it in mind,
> > unless you're absolutely sure that's the right thing to do.
>
>This is how CF used to work, prior to version 2.0. It conceivably might have
>been a security hole, but that's the way Allaire instructed setting it up.
>There's not a lot that the CFML.EXE application does in any case; it's a
>stub that sends the HTTP request to the CF Application Server, which
>actually does all the work.
>
>Nowadays, practically no one uses the CGI stub anymore, and rather than
>worrying too much about security, I'd worry about the awful performance that
>you'd get from using the CGI stub. Website, like IIS, Netscape and Apache,
>supports the use of in-process modules.
>
>Dave Watts, CTO, Fig Leaf Software
>http://www.figleaf.com/
>voice: (202) 797-5496
>fax: (202) 797-5444
>
>------------------------------------------------------------------------------
>Archives: http://www.eGroups.com/list/cf-talk
>To Unsubscribe visit 
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or 
>send a message to [EMAIL PROTECTED] with 'unsubscribe' in 
>the body.


------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Bad cfml.exe ???

Reply via email to
