Re: The long tail of analogy hell.
On 3/28/14, 4:42 PM, "Russ Michaels" <[email protected]> wrote: > >A locked door is useless if you leave the windows open. > >Russ Michaels >www.michaels.me.uk >cfmldeveloper.com >cflive.net >cfsearch.com >On 28 Mar 2014 19:09, "Dave Watts" <[email protected]> wrote: > >> >> > I also once had a client who did this, they were Linux heads who >>thought >> > that hiding the "sucky insecure windows/cf server" behind a linux >>server >> > and doing a reverse proxy would make it secure. >> >> There is no such thing as "make it secure", of course. But it is more >> secure. It solves one specific security problem - preventing >> executable code from being directly accessed from an untrusted >> network. >> >> > But of course it didn't as everything still works the same way, the >>SQL >> > injections still got through, the insecure file upload forms still >> allowed >> > files to be uploaded, which could then be executed as they had >>cfexecute >> > and cfregistry enabled. >> >> So what you're saying is that, despite the fact that the environment >> was (more) secure by default, developers accidentally wrote >> exploitable code? >> >> I have the feeling there's some lesson to be drawn from this. I wonder >> what it is? >> >> Dave Watts, CTO, Fig Leaf Software >> 1-202-527-9569 >> http://www.figleaf.com/ >> http://training.figleaf.com/ >> >> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on >> GSA Schedule, and provides the highest caliber vendor-authorized >> instruction at our training centers, online, or onsite. >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358210 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
