On 10/7/05, Mark A Kruger <[EMAIL PROTECTED]> wrote:
> Phil,
>
> From a security standpoint there is the address of the server via DNS
> (easily obtained) and then there is the address of the server as it exists
> on the internal network or DMZ of the host. Depending on the network setup
> this may be quite different and in certain instances can be valuable to a
> malicious programmer.
> -Mark

While this is true, making use of that IP address typically requires a more serious compromise so you can actually DO something to the internal/DMZ address. It *does* mean they can skip a scan step (which may be detected) against the internal network (say scanning 192.168.* or 10.* to find hosts) and begin cracking against the CF server (likely by attacking the web server if it's there, or the OS directly). But it also means they are ALREADY in your DMZ (or internal network) if they can do anything with the information.

And I'll concur -- the security guy is an idiot. (Oh, no, here I go again with calling people security idiots....)

--
John Paul Ashenfelter
CTO/Transitionpoint
(blog) http://www.ashenfelter.com
(email) [EMAIL PROTECTED]

