Our webserver utilizing CF8 was hacked. We're not sure how (in what manner), at 
least at this point, but I am in the process of moving all CF stuff to a new 
server using CF10.

I am checking all #variables# used in queries to be sure cfqueryparam is used. 
We are moving everything from MS Access to SQL Server.

I am shedding all cfajaximports and using jQuery ajax calls. While I don't 
*think* this is security related, I am also eliminating all cfforms (but, see 
below).

Q1: By eliminating cfajaximport does the public need access to CFIDE or can I 
lock that down to my access, only? I recall having an issue with validation in 
cfform that had to do with not finding CFIDE (but I'm eliminating that issue).

Q2: As far as CF goes, anything we're missing?

Thanks.
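
The audit described in the message (every #variable# inside a query goes through cfqueryparam) can be partly automated. The following is an added example, not part of the original post: a heuristic Python scanner that lists #expr# interpolations inside cfquery bodies that are not bound by a cfqueryparam tag. The function names and the sample template are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Body of each <cfquery>...</cfquery>; \b keeps this from matching <cfqueryparam>.
CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
# Any CFML tag inside the body (cfqueryparam, cfif, ...): expressions in tag
# attributes are bound or evaluated, not spliced into the SQL text.
CFTAG = re.compile(r"</?cf\w+[^>]*>", re.I)
# #expr# interpolation on a single line.
INTERP = re.compile(r"#([^#\r\n]+)#")

def unparameterized(source):
    """Return [(line, expr)] for #expr# spliced straight into SQL text."""
    findings = []
    for q in CFQUERY.finditer(source):
        # Blank out tags and escaped ## with same-length padding so that
        # offsets in the masked body still map onto the original source.
        masked = CFTAG.sub(lambda t: " " * len(t.group(0)), q.group(1))
        masked = masked.replace("##", "  ")
        for v in INTERP.finditer(masked):
            line = source.count("\n", 0, q.start(1) + v.start()) + 1
            findings.append((line, v.group(1).strip()))
    return findings

def scan_tree(root):
    """Scan every .cfm/.cfc under root; return {path: findings} for hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.cf[mc]")):
        hits = unparameterized(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample template, not taken from the poster's site.
SAMPLE = '''<cfquery name="q1" datasource="#application.dsn#">
  SELECT id, title FROM news
  WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
<cfquery name="q2" datasource="#application.dsn#">
  SELECT id FROM users
  WHERE email = '#form.email#'
  <cfif len(form.dept)>AND dept = #form.dept#</cfif>
  AND note <> '##'
</cfquery>
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, hits in scan_tree(sys.argv[1]).items():
            for line, expr in hits:
                print(f"{path}:{line}: #{expr}# is not in cfqueryparam")
    else:
        print(unparameterized(SAMPLE))
```

This is a regex heuristic, so each hit still needs a manual look; a literal `>` inside a tag attribute or SQL assembled in a variable outside the cfquery body will not be analysed correctly.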
