> On Tuesday 28 Apr 2009, Martin Thomas wrote:
> > they do this (presuming they then run a brute force attack to get past the
> > form based authentication screen).
>
> If the web server is configured not to let anyone visit /CFIDE/Administrator
> it won't matter.
>
> --

But a developer can bundle the administration components within their application. So for example, instead of being accessed via the url www.domain.com/CFIDE/administrator/index.cfm, it would be accessed via the url www.domina.com/HelloAdmin/CFIDE/administrator/index.cfm. This gives access to the admin form and AFAIK can't be locked down by the web server configuration.
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:322059
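The gap discussed in this message, as an added example that is not part of the original post: a path check anchored at the web root compared with one that matches the `CFIDE/administrator` segment pair at any depth, run over request paths from an access log. The function names and the sample paths are constructed for illustration, and the code makes no claim about how any particular web server matches paths.

```python
import posixpath
import re
from urllib.parse import unquote

# Rule anchored at the web root: only /CFIDE/administrator itself.
ROOT_ANCHORED = re.compile(r"^/cfide/administrator(/|$)")
# Rule matching the same two path segments at any depth.
ANY_DEPTH = re.compile(r"(^|/)cfide/administrator(/|$)")


def normalize(target: str) -> str:
    """Reduce a request target to a canonical lower-case path."""
    path = target.split("?", 1)[0]            # drop the query string
    for _ in range(3):                        # undo (double) percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/+", "/", path.replace("\\", "/"))
    return posixpath.normpath(path).lower()   # resolve "." and ".." segments


def is_admin_path(target: str, rule=ANY_DEPTH) -> bool:
    """True if the normalized path hits the administrator directory."""
    return rule.search(normalize(target)) is not None


def missed_by_root_rule(targets):
    """Paths that reach an administrator directory a root-anchored rule misses."""
    return [t for t in targets
            if is_admin_path(t, ANY_DEPTH) and not is_admin_path(t, ROOT_ANCHORED)]


# Constructed sample request paths (not taken from any real log).
SAMPLE_REQUESTS = [
    "/CFIDE/administrator/index.cfm",
    "/HelloAdmin/CFIDE/administrator/index.cfm",
    "/helloadmin/cfide/ADMINISTRATOR/",
    "/HelloAdmin//CFIDE/%61dministrator/index.cfm?x=1",
    "/docs/cfide/administrator-guide.html",
    "/app/index.cfm",
]

if __name__ == "__main__":
    for path in missed_by_root_rule(SAMPLE_REQUESTS):
        print("not covered by root-anchored rule:", path)
```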

