> What if your IIS is in the 'LockDown' state?

If you run the IIS Lockdown tool, it allows you to disable various pieces of IIS functionality to avoid any vulnerabilities in those pieces. That's a good thing, because these IIS pieces are typically chock-full of buffer overflows and other problems, and most people don't use those things anyway.

However, that doesn't really have anything to do with what you do in your CFML pages. If you've installed URLScan, you can use that to limit form and URL input to a significant degree, but you have to allow some leeway within the input filter settings so that you can use form and URL input in your CFML apps.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

