> <cfscript>
>         getPageContext().forward(form.redirect);
> </cfscript>
>
> Here's their concern:
> The Java snippet that you have concerns me.  While I
> understand its purpose, it exposes a potential threat.  For
> example, if I knew the relative path to your admin pages, I
> could call a change password utility for users and execute the code.
>
> Is this valid? If so, how would you go about preventing that
> from happening?

No, I don't think so. If you know the path to the admin pages, you would
just enter it! This is only a threat if your admin pages are not secured.
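
An added example, not code from this thread: one way to keep the client from choosing the forward target freely is to treat `form.redirect` as a key into a fixed map of pages rather than as a path. The map entries and the error type are hypothetical, and the syntax assumes ColdFusion 9+ or Lucee.

```cfml
<cfscript>
    // Fixed map of pages this handler may forward to.
    // Keys and paths are hypothetical placeholders for illustration.
    allowedTargets = {
        thanks  = "/forms/thanks.cfm",
        confirm = "/forms/confirm.cfm"
    };

    // Read the submitted value as a lookup key, never as a path.
    targetKey = "";
    if (structKeyExists(form, "redirect")) {
        targetKey = trim(form.redirect);
    }

    if (len(targetKey) and structKeyExists(allowedTargets, targetKey)) {
        // The forwarded path comes from the server-side map,
        // so the client cannot name an arbitrary template.
        getPageContext().forward(allowedTargets[targetKey]);
    } else {
        // Record the rejection without echoing the raw input into the log.
        writeLog(
            type = "warning",
            file = "application",
            text = "Rejected forward: unknown target key from " & cgi.remote_addr
        );
        throw(type = "InvalidForwardTarget", message = "Unknown forward target.");
    }
</cfscript>
```

The admin pages still need their own authentication check inside each template or in `Application.cfc`, since the map only limits where this one handler can forward.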