RE: Important ColdFusion Security Patch Released Today

[mherbene]

I asked:
> What workarounds, if any, can be used instead of applying 
> the patch?

Adam Berry said:

"There is not a work around other than the patch, which is why we released
it. "


This kind of blanket statement is hard to accept.  What if IIS security has
been used to only allow connections from certain IPs, or IIS requires
authentication?  Would that take care of it (assuming the people I'm
trusting by these means are actually trustworthy)?  


------------------------------------
Martin Herbener
Kentucky Department of Education 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists