> I heard a challenge from a security consultant that "if you 
> are using ColdFusion you do not have a secure server."

I'm going to disagree with everyone else here and say, your consultant is
absolutely right.

If you run a public ColdFusion server, it accepts requests from literally
anyone, and runs programs upon request! And, of course, those programs - the
CFM files you write - may well have security flaws.

And, if you're running ColdFusion, you're probably also running a web
server, and we all know how insecure they can be.

In summary, public servers aren't secure, in any absolute sense. They may be
more secure or less secure than other servers, but that's about it.

However, your consultant could have been a little more accurate by saying,
"if you are using a server on a public network you do not have a secure
server." So, he's right for the wrong reasons, and therefore doesn't really
deserve any credit for being right. You should probably avoid his advice.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
