First of all, IP addresses are, by nature, public information. That's like
saying your house is less secure because a burglar can find your
address in the yellow pages.

Secondly, this security _expert_ is no expert. Any expert wouldn't
make such blanket statements like CF is less secure. In fact, in
comparison .NET is a lot less secure than CF due to its deep ties with
the operating system.

Finally, any server is as secure as you make it. Just as any
application is as secure as you code it. Simply using a site-wide
error handler would prevent the prior example from displaying the
internal error message.

-Adam


On 10/7/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I heard a challenge from a security consultant that "if you are using 
> ColdFusion you do not have a secure server."  He maintains that CF is full of 
> things a hacker can access.  For example he gave the following example.   If 
> you attempt to open a CF website with the following command it will generate 
> an error message that gives you the IP address of the CF server:
>
> sitename.org/*.cfm
>
> I tried this on a wide variety of sites and found that most CF sites return 
> the error with the IP address.  Some, however, appear to trap this error 
> somehow.
>
> What should be done on a CF server to prevent that type of error exposing the 
> IP address of a CF server?
>
> This error is occurring prior to the execution of an application.cfm file in 
> the host root directory so you cannot programmatically trap it.
>
> 
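
A sketch of the kind of site-wide error handler the reply refers to, added here as an example and not code from either poster or from Adobe/Macromedia. The file name, log name and page wording are hypothetical, and it assumes the server populates the `error` structure for this template as it does for `cferror` templates.

```cfml
<!--- sitewide_error.cfm: hypothetical file name for a site-wide error handler.
      Assumed setup: its path is entered under Server Settings > Settings >
      "Site-wide Error Handler" in the ColdFusion Administrator. --->
<cfsilent>
    <!--- Reference ID shown to the visitor and written to the log, so a
          report can be matched to the full error without exposing it. --->
    <cfset errorRef = createUUID()>

    <!--- The "error" structure is assumed to be supplied by the server,
          as it is for cferror templates; guard each key before use. --->
    <cfset detail = "(no diagnostics available)">
    <cfset failedTemplate = "(unknown)">
    <cfif isDefined("error.diagnostics")>
        <cfset detail = error.diagnostics>
    </cfif>
    <cfif isDefined("error.template")>
        <cfset failedTemplate = error.template>
    </cfif>

    <!--- Collapse control characters so request-derived text cannot
          forge extra log lines. --->
    <cfset detail = reReplace(detail, "[[:cntrl:]]", " ", "all")>
    <cfset failedTemplate = reReplace(failedTemplate, "[[:cntrl:]]", " ", "all")>

    <!--- Full detail stays server-side, in a dedicated log file. --->
    <cflog file="sitewide_errors" type="error"
           text="ref=#errorRef# template=#failedTemplate# detail=#detail#">
</cfsilent>
<!--- Discard any partial output, then send a generic page with a 500 status. --->
<cfcontent reset="true" type="text/html">
<cfheader statuscode="500" statustext="Internal Server Error">
<html>
<head><title>Error</title></head>
<body>
<h1>Something went wrong</h1>
<p>The request could not be completed. If you contact support, quote
reference <cfoutput>#errorRef#</cfoutput>.</p>
</body>
</html>
```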
