Ok, thanks :) I guess my next question is: is there any way to use the "check that file exists" setting in IIS while using SES URLs?

Example: http:www.mysite.com/index.cfm/fuseaction/display/

Brook

At 05:05 AM 2/2/03 +0000, you wrote:
>Forgot to include another link that may help you
>
>http://www.securitytracker.com/alerts/2003/Jan/1006023.html
>
>Cheers
>
> --- [EMAIL PROTECTED] wrote:
> > Hello Weekenders,
> >
> > I'm sure most of you got the MM Security bulletin the other day
> > (http://www.macromedia.com/security). I am trying to figure out what the
> > security breach is if the steps outlined in the Security Bulletin are not
> > taken. It doesn't describe what level of access an attacker could gain
> > through this exploit. And since we use the SES URLs
> > (mysite.com/index.cfm/myvar/myvarvalue/), I cannot easily implement this
> > security fix because checking the "check that file exists" box in IIS
> > causes 404s, since the file name is buried in the query string.
> >
> > So if anyone can fill me in on the severity of this exploit, then I can
> > appropriately decide if I need to make some serious changes to multiple
> > sites or find an alternative.
> >
> > Thanks
> >
> > Brook Davies
> > maracasmedia

