Anyone can get the IP address of the server: simply ping the domain
name.
Now, the security patches of the server and how it is configured
will determine if you can do anything else.


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 07, 2005 8:54 AM
To: CF-Talk
Subject: ColdFusion Security Holes - Best Practices

I heard a challenge from a security consultant that "if you are using
ColdFusion you do not have a secure server."  He maintains that CF is
full of things a hacker can access.  For example he gave the following
example.   If you attempt to open a CF website with the following
command it will generate an error message that gives you the IP address
of the CF server:

sitename.org/*.cfm

I tried this on a wide variety of sites and found that most CF sites
return the error with the IP address.  Some, however, appear to trap this
error somehow.

What should be done on a CF server to prevent that type of error
exposing the IP address of a CF server?

This error is occurring prior to the execution of an application.cfm file
in the host root directory so you cannot programmatically trap it.


