> From a system security perspective, the approach is generally the default > is *no access*, and then access has to be specifically granted. > > Adobe has taken the opposite approach simply to make life easy, which has > proven to be a foolhardy decision. Repeatedly. For years.
Let me introduce you to my old friend Windows ... > You (and Adobe both) are labouring under some "perfect world" scenario in > which admins actually *do* know what they're doing by default. This simply > isn't true. Adobe need to accept reality and deal with it, rather than > going "well in the perfect world then [this]". But we actually no it's not > a perfect world, so why start the position from there? The reality is that, either way, admins need to know what they're doing. In the current case, they need to learn how to secure a web application. Since people use CF to build other web applications, it doesn't seem like a stretch to me to expect them to learn how to secure web applications. In the case where everything's locked down by default, nothing works, and admins need to learn how to remove security to allow access to a web application. I'm not sure I see much difference there. Either way, someone needs to know how web application security works. If you're in the business of building web applications, this is a fundamental part of your job. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358114 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
