Security through obscurity doesn't really resolve anything. While a step by
step isn't necessary, a more enlightening description would be useful.

The next question would be how much of this impacts hosts that offer .jsp
regardless of app server in shared hosting environments, or do any? (I've
never looked for that kind of hosting, heck I haven't looked for shared
hosting in 6 years for that matter).

- Calvin 

-----Original Message-----
From: James Holmes [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 14, 2005 9:13 AM
To: CF-Talk
Subject: RE: CF on shared hosting

No, you aren't missing anything - it's just a demo of how failing to disable
JSP can lead to a hacked website, because that's how I added the blog
(hacking).

I didn't really want to give a script kiddie step-by-step (there's enough
out there already without giving them even more info) but I can send more
details privately if you want.

-----Original Message-----
From: Damien McKenna [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 14 June 2005 9:05
To: CF-Talk
Subject: RE: CF on shared hosting

> http://www.robrohan.com/blog/index.cfm?mode=entry&entry=EDCB81D8-C8F0-B537-1824A53C962059D3

I don't see anything at this page beyond:

----------------------------------------------------------------
Guest Blogger - Shared Host Security

When sharing CF hosting with others, be aware that security is an issue.

With Rob's permission, this post was created by me with no access other than
a standard account on the same server. If security matters to you, ask your
host to sandbox properly and disable JSP.

James Holmes
----------------------------------------------------------------

That's all it says.  No explanation of *why*, no links, nufink.

Am I missing something?


