I run a simple website that has users fill out a little profile information
about themselves and they also upload a picture of themselves. Our website was
recently hacked as someone emulated their IP to be 127.0.0.1 and then exploited
the fact that our pictures directory was set to 777 and began deleting and
changing pictures. What can be done to protect this directory? It needs to be
set to 777 so users can upload, edit and delete their own pictures, but since
ColdFusion runs as nobody, is there anything I can do?

I called Allaire and they have been no help. Their only recommendation thus far
was to "turn CFFILE off" which is not very practical. It is amazing to me that
Allaire can't offer more assistance, hard for me to believe that no one else has
had this problem. So I turn to the genius of this listserv. Anyone else have
this problem and have solutions to this security hole?

Thanks in advance,
Ron