David Caplan wrote:
> Can anybody tell me the most glaring security holes associated with CF, in
> particular CFFILE? People have been hacking some sites of mine and I think
> it may be CF related.

A description of the symptoms and maybe some lines from your logs would be most helpful. Do you still have the CF documentation (bad) or the example applications (really bad) on your website? Do you allow untrusted others to write code for your server without disabling the CFFILE and CFDIRECTORY tags (for them)?

Most glaring security holes are:
1 incompetent OS administrators
2 incompetent webserver administrators
3 incompetent CF administrators (see questions above)
4 bad CF code

Jochem

