Then let's hope they don't have the "show ip address" extension for
Firefox...

~Dave the disruptor~
"Some people just don't appreciate how difficult it is to dispense wisdom and 
abuse at the same time." 

----------------------------------------
From: "Mark A Kruger" <[EMAIL PROTECTED]>
Sent: Friday, October 07, 2005 9:25 AM
To: CF-Talk <[email protected]>
Subject: RE: ColdFusion Security Holes - Best Practices 

Phil,

From a security standpoint there is the address of the server via DNS
(easily obtained) and then there is the address of the server as it exists
on the internal network or DMZ of the host. Depending on the network setup
this may be quite different and in certain instances can be valuable to a
malicious programmer.

-Mark

-----Original Message-----
From: Phill B [mailto:[EMAIL PROTECTED]
Sent: Friday, October 07, 2005 8:15 AM
To: CF-Talk
Subject: Re: ColdFusion Security Holes - Best Practices

For what it's worth, I have never had a problem finding the IP address
for a server using nslookup on my PC. Not to mention what you can find
out using these sites.
http://www.dnsreport.com/
http://www.dnsstuff.com/

You can change how errors are shown by making changes in the debugging
section of the CF Admin.

Phil

On 10/7/05, [EMAIL PROTECTED] wrote:
> I heard a challenge from a security consultant that "if you are using
> ColdFusion you do not have a secure server." He maintains that CF is full
> of things a hacker can access. For example he gave the following example.
> If you attempt to open a CF website with the following command it will
> generate an error message that gives you the IP address of the CF server:
>
> sitename.org/*.cfm
>
> I tried this on a wide variety of sites and found that most CF sites
> return the error with the IP address. Some, however, appear to trap this
> error somehow.
>
> What should be done on a CF server to prevent that type of error exposing
> the IP address of a CF server?
>
> This error is occurring prior to the execution of an application.cfm file
> in the host root directory so you cannot programmatically trap it.
>
>
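
Added example, not part of the thread: a check a site owner can run over their own error-page bodies to see whether they disclose an address beyond what DNS already publishes, which is the distinction Mark draws above. The function name, the sample page and all addresses are constructed for illustration; the sample is not real ColdFusion output.

```python
import ipaddress
import re

# Dotted-quad candidates; a trailing sentence period is tolerated.
_IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Ranges that only make sense inside the host's own network or DMZ.
_INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]


def leaked_addresses(body, public_dns_addrs):
    """Return {address: kind} for IPv4 literals in an error page that
    reveal more than the site's public DNS records already do."""
    published = {ipaddress.ip_address(a) for a in public_dns_addrs}
    findings = {}
    for token in _IPV4.findall(body):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # not a valid address, e.g. 999.1.1.1
        if addr in published:
            continue  # obtainable with nslookup anyway
        if any(addr in net for net in _INTERNAL):
            findings[str(addr)] = "internal"
        else:
            # May also be a four-part version string; review by hand.
            findings[str(addr)] = "public-not-in-dns"
    return findings


# Constructed sample body; 203.0.113.10 stands in for the DNS address.
SAMPLE_ERROR_PAGE = (
    "<h1>Request failed</h1>\n"
    "<p>File not found: /*.cfm</p>\n"
    "<p>Remote Address: 10.20.30.40</p>\n"
    "<p>Server: 203.0.113.10, build 999.1.1.1</p>\n"
)

if __name__ == "__main__":
    found = leaked_addresses(SAMPLE_ERROR_PAGE, ["203.0.113.10"])
    for addr, kind in found.items():
        print(kind, addr)
```
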


