That is not the only hole you will find when multiple CF sites are hosted on
the same server. Although, most hackers are not paying customers, so this
usually is not a problem.
If you are that sensitive about security, you should have a dedicated web
server.

Although I would like to see a version of CF Server aimed towards web
hosters, that maybe includes more isolation of each site on a server.

jon
----- Original Message -----
From: "Gena" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, October 12, 2000 9:32 PM
Subject: Security hole Re: cfm-resources??


> By the way, http://www.cfm-resources.com has a big security hole. They didn't
> disable the CFDIRECTORY tag, and anyone can walk through the whole HD drive and
> take all templates/database using CF.
>
> But to tell the truth, we found that _ALL_ hosting companies we used have the
> same problem.
>
> Gennadi
>
>
> > why not throw a junk template in with the following
> >
> > <cfoutput>#GetDirectoryFromPath(GetTemplatePath())#</cfoutput>
> >
> > and see what it is?
> >
> > Fred T. Sanders
> > Charlottesville, VA
> > -------------------------------------------
> > You guys start programming...
> > I'll go see what they want.
> >
> >
> > ----- Original Message -----
> > From: "HappyToad.com" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Thursday, October 12, 2000 5:21 PM
> > Subject: RE: cfm-resources??
> >
> >
> > > Sorry I was referring to the full path not the url.
> > > Any Ideas,
> > > rich
> > >
> > > -----Original Message-----
> > > From: Jack Tumlin [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, October 12, 2000 5:02 PM
> > > To: CF-Talk
> > > Subject: Re: cfm-resources??
> > >
> > >
> > > Try http://www.cfm-resources.com/ViewMemberSite.cfm?AccountName=yourwebsite
> > >
> > > At 04:12 PM 10/12/2000 -0400, you wrote:
> > > >Does anyone know the new path for users of cfm-resources.com??
> > > >
> > > >Rich
> > > >
> > > >------------------------------------------------------------------------------
> > > >Archives: http://www.mail-archive.com/[email protected]/
> > > >To Unsubscribe visit
> > > >http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> > > >send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> > > >the body.
> > >
> > > Jack Tumlin
> > > Vice President Business Development
> > > Millennium Software, Inc.
> > > The Software Solutions Company
> > > [EMAIL PROTECTED]
> > > www.millsoftinc.com
> > >