Someone wrote:
>> number 2 in top 10 internet security threats...
This would only be true if ASP is number one.
On the SANS Website it said:
>> Allaire's ColdFusion is a web server application package which
>> includes vulnerable sample programs when installed. As a general
>> rule, sample programs should always be removed from production systems.
Duh, any operating system or server install that has sample apps that can be
a problem. CF is not unique here. Yet CF has had far fewer problems than IIS
and ASP.
Seriously, though unfair to single out CF, he is right, CGI in general is
very vulnerable. But to lump CF in this case is unfair and probably
indicates that the author has an axe to grind or ox to gore outside of the
scope of this article.
- Steve
-----Original Message-----
From: Len Conrad [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 01, 2000 6:56 AM
To: CF-Talk
Subject: Re: ColdFusion is vulnerable?
>Have a look at this article listing ColdFusion as number 2 in top 10
>internet security threats...
>http://www.sans.org/topten.htm
>
>Comments on a postcard please?
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
