> On another hand, why hasn't Adobe changed the way CF is installed if it's not safe?

Layers... it's all about layers. If a vulnerability is found in the CF admin or some other exposed piece, you don't want an attacker to be able to take over the whole operating system. The lockdown guide shows you how to configure everything around CF so that in the event of a breach you're not letting it be a path into your entire server. Many of the vulnerabilities found in CF wouldn't be a big deal if people configured the server CF runs on in a more secure manner. This is the whole reason the credit card companies bang the PCI-DSS drum so hard... they want multiple layers of security and access controls so that the failure of any one of those layers will not leave the entire system out in the open.

-Justin

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357984

