On 2/25/07, Dave Watts <[EMAIL PROTECTED]> wrote: > > > I wouldn't recommend relying on Host headers, since they can easily be > sent > from the browser.
True, in fact that's how they always get sent :) However, I was referring to the previous post about actually using a domain that doesn't actually exist and just putting it in your local machine's hostfile. Then the only way to access it would be if you knew the IP address *AND* the domain name that is being used for the specific web site you're trying to hack into. If someone is sniffing your packets, of course, it doesn't help at all. The real disadvantage of course with using hostheaders is that you can't use SSL to secure your coldfusion administrator. Rick -- > I'm not certified, but I have been told that I'm certifiable... > Visit http://www.opensourcecf.com today! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Macromedia ColdFusion MX7 Upgrade to MX7 & experience time-saving features, more productivity. http://www.adobe.com/products/coldfusion Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270641 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
