I can see that there are vulnerabilities - I haven't used the LockDown tool
per se, I just know how to LockDown IIS to its most secure settings.

I do hear what you are saying, but if you take all the necessary precautions
such as patches and security stuff then you have nothing to worry about.



-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 10:44
To: CF-Talk
Subject: RE: Goodbye cruel world


> What if your IIS is in the 'LockDown' state?

If you run the IIS Lockdown tool, it allows you to disable various pieces of
IIS functionality to avoid any vulnerabilities in those pieces. That's a
good thing, because these IIS pieces are typically chock-full of buffer
overflows and other problems, and most people don't use those things anyway.

However, that doesn't really have anything to do with what you do in your
CFML pages. If you've installed URLScan, you can use that to limit form and
URL input to a significant degree, but you have to allow some leeway within
the input filter settings so that you can use form and URL input in your
CFML apps.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
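
An added example (not part of the original thread, and not URLScan's own code): a simplified Python model of the point in Dave Watts's message that a server-level filter has to leave leeway for URL input, so each page still validates its own parameters. The setting names follow urlscan.ini; the limit values, the `product.cfm` path and the `id` parameter are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Simplified model of URLScan-style limits. Names follow urlscan.ini settings;
# the values are constructed for this example, not recommendations.
LIMITS = {
    "AllowVerbs": {"GET", "HEAD", "POST"},
    "MaxUrl": 260,
    "MaxQueryString": 512,  # leeway so CFML pages can still receive URL input
    "DenyUrlSequences": ["..", "./", "\\", ":", "%", "&"],
}

def server_filter(verb, url):
    """Return (allowed, reason) as a server-level request filter would."""
    parts = urlsplit(url)
    if verb not in LIMITS["AllowVerbs"]:
        return False, "verb not allowed"
    if len(parts.path) > LIMITS["MaxUrl"]:
        return False, "URL too long"
    if len(parts.query) > LIMITS["MaxQueryString"]:
        return False, "query string too long"
    for seq in LIMITS["DenyUrlSequences"]:
        if seq in parts.path:  # this model checks the path only, not the query
            return False, "denied sequence " + repr(seq)
    return True, "passed"

def app_validate(url):
    """Check only the page itself can make: 'id' is one integer, 1..99999."""
    values = parse_qs(urlsplit(url).query).get("id", [])
    return len(values) == 1 and re.fullmatch(r"[1-9][0-9]{0,4}", values[0]) is not None

def evaluate(verb, url):
    """Return (passed_server_filter, passed_app_validation)."""
    allowed, _ = server_filter(verb, url)
    return allowed, allowed and app_validate(url)

if __name__ == "__main__":
    # Constructed sample requests
    samples = [
        ("GET", "/app/product.cfm?id=42"),
        ("GET", "/app/product.cfm?id=42abc"),   # passes the filter, fails the page check
        ("GET", "/app/../product.cfm?id=42"),   # stopped by the filter
        ("TRACE", "/app/product.cfm?id=42"),    # stopped by the filter
    ]
    for verb, url in samples:
        print(verb, url, server_filter(verb, url), evaluate(verb, url))
```

The second sample is the case the message describes: the filter lets it through because query input has to be allowed, and only the page-level check rejects it.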

