-----Original Message-----
From: Dave Watts [mailto:[email protected]] 
Sent: 28 March 2014 18:41
To: cf-talk
Subject: Re: "The long tail of ColdFusion fail"

>>I've got bad news for you. Stick this in Google:
>>[product] default vulnerability
>>and prepare to be amazed. Some suggestions: PHP, IIS, Apache. Not all
>>allow remote users to execute arbitrary code, but plenty do.

I get it.  Because other technologies and applications are bad it's fine for
CF to be bad, too.  Regardless of how much we have to pay for it.

>>I submit to you that it should not be surprising that products explicitly
>>designed for security purposes, like firewalls and VPNs, will be expected to
>>be secure by default.

"I submit to you", LOL.  Awesome.  So, a business invests in all of the
security available, such as firewalls, only to have CF open the gates.  What
a brilliant piece of logic.  I submit to you, that's screwed up.

> The notion that it's the sys admin's fault if a product installs in an 
> unsecure way beggars belief.

>>No, that's not the sysadmins' fault. But leaving a product at the default
>>install state on an untrusted network - that IS the sysadmins'
>>fault. How is a sysadmin going to make sure that the developers'
>>applications are secured properly, if he doesn't know enough to secure the
>>one web application that's packaged with the product?

The long list of security measures that have to take place after a standard
CF install is ridiculous.  Believe it or not, sys admins have better things
to do with their time.  

Dave, I suggest you wander down to your corporate IT department and offer to
help them out for a few days so you get a taste of reality.




Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358225