Claude, thank you. That's really helpful information and gives me perspective. Eric
-----Original Message----- From: Claude Schnéegans <schneeg...@internetique.com> [mailto:=?ISO-8859-1?Q?Claude_Schn=E9egans <schneegans@interneti=71?= =?ISO-8859-1?Q?ue.com=3E?=] Sent: Friday, January 04, 2013 4:16 PM To: cf-talk Subject: Re: New Security Issue with CF >>I downloaded and reviewed the h.cfm file -- yeah, it is pretty clever. The file itself is some tool designed to be used by developers, probably not developed by rhe hacker himself. He just found a way to store it on servers. >>but how did that hacker place the h.cfm file in /CFIDE/ to begin with? I'm not going to unvail the trick here, all I can say is that there must be a programer at Adobe not very proud of him, if he is still working for Adobe today. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353784 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm