Hmmm, well. That type of error can happen to a lot of languages. The thing is, that is not an issue for CF to trap. Instead you would configure your webserver to trap the error. If you refer to various CF books that talk about errors, what you would want to do is create a custom handler for "bad requests".
I believe most webservers can do this. Check the documentation of your webserver. IIS has a very easy-to-use handler. Again this is not really a CF issue.

Secondly the information is not all that useful. There are lots of ways to get an IP address, and just because you have it does not mean you have some easy way to access. Heck I could give you my internal IPs right now and that wouldn't make it any easier for you to break into my system.

I think the security consultant is oversimplifying things or perhaps needs more real world experience, don't know. But do let his comment dissuade you. The issue he mentioned is easy to deal with. Hey if Ben Forta's site falls for this error and he is not worried, that should tell you something.

Good Luck
Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, October 07, 2005 8:54 AM
To: CF-Talk
Subject: ColdFusion Security Holes - Best Practices

I heard a challenge from a security consultant that "if you are using ColdFusion you do not have a secure server." He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server:

sitename.org/*.cfm

I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however, appear to trap this error somehow.

What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occurring prior to the execution of an application.cfm file in the host root directory so you cannot programmatically trap it.
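Added example, not part of the original thread: a check a site owner could run over the body returned by their web server's error handler, to confirm that the custom "bad request" page no longer discloses a server address. The function names and both sample bodies are constructed for illustration and are not actual ColdFusion or IIS output.

```python
import ipaddress
import re

# Dotted quads that are not part of a longer dotted/numeric run, so build
# strings such as "6.1.0.63958" are not mistaken for addresses.
_QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# RFC 1918 ranges, listed explicitly so the result does not depend on how a
# given Python version defines IPv4Address.is_private.
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def leaked_addresses(body):
    """Return a sorted list of (address, kind) pairs found in an error body."""
    found = {}
    for match in _QUAD.finditer(body):
        try:
            ip = ipaddress.IPv4Address(match.group(1))
        except ipaddress.AddressValueError:
            continue  # not a valid address, e.g. an octet above 255
        if ip.is_loopback or ip.is_unspecified:
            continue  # tells a visitor nothing about the deployment
        internal = any(ip in net for net in _RFC1918)
        found[str(ip)] = "internal" if internal else "public"
    return sorted(found.items())


def handler_is_clean(body):
    """True when the error page discloses no server address."""
    return not leaked_addresses(body)


# Constructed sample: a default error page that echoes server details.
LEAKY_BODY = (
    "<h1>Error Occurred While Processing Request</h1>"
    "<p>Server 203.0.113.7 (build 6.1.0.63958), backend 10.20.30.40</p>"
)

# Constructed sample: a custom "bad request" page served by the web server.
CUSTOM_BODY = "<h1>Bad request</h1><p>The page could not be served.</p>"

if __name__ == "__main__":
    for name, body in (("default", LEAKY_BODY), ("custom", CUSTOM_BODY)):
        print(name, leaked_addresses(body) or "no address disclosed")
```

A four-part version string whose parts are all 255 or below would still be reported, so treat a hit as something to review rather than as proof of a leak.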

