What is XSS?

-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 25, 2007 12:32 AM
To: CF-Talk
Subject: RE: Security Questions

> I've always thought this was more for load distribution though than
> security.

No, it's for security. This model is used in high-security configurations to remove all executable functionality, so that if (when?) the web server is compromised, no scripts or programs can be created or modified.

It can be done with CF directly using "distributed mode", in which the CF web server integration module is configured to connect to a remote server instead of localhost, or it can be done using a web server configured as a reverse proxy to an internal web server running CF.

While this is very effective as a protection against vulnerabilities in your public web server and its OS, this doesn't do anything to protect against application server vulnerabilities such as SQL injection and XSS, which in my opinion are more common, and perhaps more serious.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:289421

