> I also once had a client who did this, they were Linux heads who thought > that hiding the "sucky insecure windows/cf server" behind a linux server > and doing a reverse proxy would make it secure.
There is no such thing as "make it secure", of course. But it is more secure. It solves one specific security problem - preventing executable code from being directly accessed from an untrusted network. > But of course it didn't as everything still works the same way, the SQL > injections still got through, the insecure file upload forms still allowed > files to be uploaded, which could then be executed as they had cfexecute > and cfregistry enabled. So what you're saying is that, despite the fact that the environment was (more) secure by default, developers accidentally wrote exploitable code? I have the feeling there's some lesson to be drawn from this. I wonder what it is? Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358207 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
