My problem with this Kart is the amount of holes in it.  I had an 
entire server brought down from defacement from this... however, some of 
that was the lack of sandboxing the app to its own space.  Essentially, 
it was not validating ANY user input (or URL input) and allowing script 
kiddies access to the DB and its result set in the title of every page 
of the site based on the URL params you passed in.  It didn't store 
username/password combination in the database, and once they were into 
the admin page, they had free rein to upload pages at will.  I closed 
this hole on my local copy, and will never use this code for any other 
kart again.... ever.  I'm rolling my own for all future clients.


Matthew Williams
Geodesic GraFX
www.geodesicgrafx.com/blog
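The two defects described above (URL parameter dropped straight into the query, and the result set echoed into the page title) and their fix, written as an added CFML example; this is not the cart's code, and the datasource, table and column names are placeholders.

```cfml
<!--- Assumed datasource/table/column names; illustrative only --->

<!--- VULNERABLE: url.id is concatenated into SQL, and the raw DB value
      is emitted into the <title>, so both the query and the page are
      controlled by whatever arrives in the URL. --->
<cfquery name="qProduct" datasource="cartDSN">
    SELECT name FROM products WHERE id = #url.id#
</cfquery>
<title>#qProduct.name#</title>

<!--- HARDENED: validate the parameter, bind it with cfqueryparam so it
      can never be parsed as SQL, and HTML-encode anything rendered into
      the page so stored or reflected content cannot execute as script. --->
<cfparam name="url.id" type="integer">
<cfquery name="qProduct" datasource="cartDSN">
    SELECT name FROM products
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
<cfif qProduct.recordCount EQ 0>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>
<cfoutput><title>#encodeForHTML(qProduct.name)#</title></cfoutput>
```

cfparam with type="integer" rejects non-numeric ids before the query runs, and encodeForHTML (ColdFusion 10 and later; htmlEditFormat on older servers) covers the output side.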

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:334892