Hear, hear. Almost all Linux people who are concerned with security know
that the first thing they need to do is go in and turn off ALL services they
don't need to use at that absolute moment. I turn off every bloody Linux
service that I don't absolutely need every time I bring up a new machine. I
suggest anyone who installs ANY type of server software (i.e. ColdFusion
Server) follow this practice. This applies to all OSes and all programs.
It just makes sense when you think about it :)
Todd
----- Original Message -----
From: "Dave Watts" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, December 22, 2000 1:11 PM
Subject: RE: The +.htr bug strikes again
> > isn't the bug a microsoft iis issue? i have tried it on asp
> > pages and can see their code as well...it's not just a cf
> > problem. could this be another "big brother" deal with microsoft
> > by allowing them to put in the +.htr and seeing our source code?
>
> Yes, it's an IIS issue.
>
> No, it's not a "big brother" deal. My guess is that no one at Microsoft
> gives a rat's ass about any of our CF code.
>
> The problem here is more that Microsoft software, like that from many other
> vendors, provides lots of functionality that the vast majority of users
> don't use or want. With things like MS Office, that results in bloatware.
> With Outlook, it results in email macro viruses. With things like IIS, it
> results in server security problems.
>
> The key is to not install anything you don't need, and to disable what you
> can't avoid installing but still don't need. Microsoft has guidelines for
> securing IIS, but the vast majority of people using IIS - I hesitate to
> refer to them as "administrators" - simply install it, with all its sample
> code and ISAPI mappings.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496
> fax: (202) 797-5444