Interesting article. Hadn't come across this flavor of firewall before. I'd query the usefulness of the product though. IISFilt basically does this, as do some Apache modules. I suppose you could use this at an entry point to minimise admin, but then you are adding a significant load to your load balancer or whatever.
Claims like this: "Out of the box, AppShield will protect against form fields being added or removed, hidden form fields having their values changed by the client or client-side cookie modification." are simply untrue IMHO, without enforced conditions on the submit. For example, if the client doesn't supply a http_referer the request will probably break. Many clients, proxies, personal firewalls do this. I may be wrong of course and I'd love to hear how it does this, unless you supply the form to the firewall and say template xyz only has the following form fields: a, b, c.

Things like this "cannot parse outgoing JavaScript code and so will flag the URLs generated" will drive you nuts.

WG

-----Original Message-----
From: Michael Ross [mailto:[EMAIL PROTECTED]
Sent: 02 July 2003 15:29
To: CF-Talk
Subject: Firewall APP

Has anyone had any experience or evaluations of these products? There was an article on them in eweek.com
http://www.eweek.com/article2/0,3959,1102512,00.asp

Kavado Inc.'s InterDo 3.0,
Sanctum Inc.'s AppShield 4.0
Teros Inc.'s Teros-100 APS (Application Protection System) 2.1.1

I'm not sure if it's worth investigating.