hi dave, i have scripts that write to the file system as well. what would i need to do to secure them, do you have a link that i could read in relation to this as i am a little lost as to what to do
thanks > > We are having to scrub our files to remove the injected code (which > is being written directly > > to the files as the result of the hack allowing "FULL CONTROL" for > the Everyone user on the > > machine. > > > > Have you determined a solution for removing/preventing this? > > First, audit your code to find any scripts that can write to the > filesystem. > Second, audit your code to find any scripts that pass unfiltered user > input to the database. > Third, fix that code. > Fourth, configure filesystem permissions properly to prevent CF or > your database from writing to the web server's webroot. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321550 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
