To clarify, I was oversimplifying above when I said 'code is being executed on your server'. Pete's script example would of course need to link up with some other vulnerability for that to happen (i.e. an unpatched exploit of some kind).
Since you can't predict such things, you minimize the number of liberties someone can take with your server's tender innocence. -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357817 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm