If you put it behind a firewall you may be able to block any commands
coming from that IP but from outside the firewall. It might be tricky to
get CFFile to work behind a firewall (I don't know if it requires a
specific port and if so what port that might be) but I think you can do
this. No one outside your firewall could be using that IP unintentionally.

At 12:23 AM 8/18/00 -0400, you wrote:
>I run a simple website that has users fill out a little profile information
>about themselves and they also upload a picture of themselves. Our website was
>recently hacked as someone emulated their IP to be 127.0.0.1 and then exploited
>the fact that our pictures directory was set to 777 and began deleting and
>changing pictures. What can be done to protect this directory? It needs to be
>set to 777 so users can upload, edit and delete their own pictures, but since
>cold fusion runs as nobody is there anything I can do?
>
>I called Allaire and they have been no help. Their only recommendation thus far
>was to "turn CFFILE off" which is not very practical. It is amazing to me that
>Allaire can't offer more assistance, hard for me to believe that no one else has
>had this problem. So I turn to the genius of this listserv. Anyone else have
>this problem and have solutions to this security hole?
>
>Thanks in advance,
>Ron
>
>
>------------------------------------------------------------------------------
>Archives: http://www.mail-archive.com/[email protected]/
>To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
>send a message to [EMAIL PROTECTED] with 'unsubscribe' in
>the body.