You're kidding, right?
http://devex.allaire.com/developer/gallery/info.cfm?ID=B61C031D-2CE5-11D4-83
D700508B94F85A&method=Full
http://www.rixsoft.com/ColdFusion/CFX/CFMEncrypt/
http://packetstorm.securify.com/9907-exploits/cfdecrypt.txt
http://shroom.dv8.org/bmp/crypt.cgi
http://www.rewted.org/exploits/sorted-by-date/07-1999/cfdecrypt.c
CF Encryption is broken. It'll keep honest people out of your code, but it
is by no means a "solution".
(Sorry, I'm not trying to be mean or anything, I just don't think it's good
that people put all their eggs in one basket. Or, in this case, all of
their faith in a broken system.)
-Rick
-----Original Message-----
From: Johan Coens [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 04, 2000 3:46 AM
To: [EMAIL PROTECTED]
Subject: RE: Allaire security problem - anyone know solution?
One easy solution to do:
CFENCRYPT it
-----Original Message-----
From: Mooner Ent [mailto:[EMAIL PROTECTED]]
Sent: vrijdag 4 augustus 2000 5:50
To: [EMAIL PROTECTED]
Subject: Re: Allaire security problem - anyone know solution?
Allaire security bulletin says
Originally Posted: May 22, 2000
Last Updated: May 22, 2000
Why are we just finding out that our entire Server side code can be read???
I check the security section often, did I over look it?
We found out about DATA much sooner.
Rick
Excuse the rant.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
