We have not.  We talked about it but we haven't.  Even if we did, both 
instances on the same server should be affected, not just one.

Johnny

>Did you recently apply a hotfix, as there is one that fixes an issue with
>the cross site scripting, perhaps this was the issue.
>
>Russ 
>
>-----Original Message-----
>From: Johnny Le [mailto:[EMAIL PROTECTED] 
>Sent: 28 September 2006 14:53
>To: CF-Talk
>Subject: CFMX and cross-site scripting attack?
>
>Hi,
>
>We have 3 development servers and 3 production servers on 3 different
>networks.  We deployed an application across all 6 servers.  All of them
>have the "enable global script protection" setting in CFAdmin checked.
>Everything was working great.  Suddenly today, the app on one of the
>production servers changed <script to <INVALIDTAG.  It took us a while to
>figure out that this is a CFMX 7 feature to prevent cross-site scripting
>attack.  To disable, we can either uncheck the global setting in CFAdmin or
>add a scriptprotect attribute to the cfapplication tag.
>
>Now the question is why do all 6 servers have this global setting checked,
>but only one server did this, and it didn't do it to start with.  More than
>that, we have two instances on this server, and only one instance did this.
>So it looks like the global setting alone doesn't do it.  There is something
>else that triggers the change.  Could it be this and a combination of some
>settings in the IIS?  I would greatly appreciate it if someone could shed
>some light on it for me.
>Thank you.
>
>Johnny

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254624