And to poke big gaping holes in their stories. That's my favorite part.

andy matthews
web developer
ICGLink, Inc.
[EMAIL PROTECTED]
615.370.1530 x737

-----Original Message-----
From: Ken Ferguson [mailto:[EMAIL PROTECTED]
Sent: Friday, October 07, 2005 8:22 AM
To: CF-Talk
Subject: Re: ColdFusion Security Holes - Best Practices

Because the IP address of a server should be hidden???? There are always simple methods to find the answering IP for a domain. If there wasn't a way to find the IP address for a given domain name, then DNS wouldn't work. Also, even if you're not trapping the error the screen shows the REMOTE_ADDRESS, which is the client machine's address, not the server's.

Obviously, Wally is a bit of a moron. I would imagine that he's trying to sound intelligent and scare people away from a specific area of technology about which he has no clue. You run into these people all the time in this business. I always find it highly entertaining to poke fun at them.

--Ferg

Michael T. Tangorre wrote:

>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>>I heard a challenge from a security consultant that "if you
>>are using ColdFusion you do not have a secure server." He
>>maintains that CF is full of things a hacker can access. For
>>example he gave the following example. If you attempt to
>>open a CF website with the following command it will generate
>>an error message that gives you the IP address of the CF server:
>>sitename.org/*.cfm
>
>First off, that is an ignorant statement. That security consultant needs a
>little edumacation.
>
>>I tried this on a wide variety of sites and found that most
>>CF sites return the error with the IP address. Some, however
>>appear to trap this error somehow.
>
>With what IP Address? Yours?

