If you're so worried about security why are you trusting your hosting to some other company and sharing infrastructure with others? Shared hosting is simply not secure and there is no way to make it secure.
-Matt > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Thursday, June 06, 2002 10:11 AM > To: CF-Talk > Subject: Hacking" a shared SQL server > > hey guys, i just thought about this, and it's making me feel uneasy > about using shared SQL server. > > ok, i did a test hack on a live server. > > As you know in SQL Enterprise, you're able to see the database names > of other people sharing the SQL server. and by looking at the names > you can probably guess what they named their DSN. I got lucky, and > nabbed one. I pulled out the table names from sysobjects. Then > pulled out the field names from a "very desirable" table using > columnlist, then was able to pull out data! I was appalled! Because > my DSNs are named after my site and anyone could have just done with > I've done, but with a different intent. > > But the only way they will get that far is if they know the DSN. And > to prevent that would be to never us an obvious DSN. name it > something like "Hys72hs"!!!!! > > I had that fear in my mind way from the beginning, but I had thought > that the DSN only works if it is being requested from a certain > site!!! > > and also, can someone tell me how many webHosts turn off the > CFREGISTRY tag? Or if any host even have it on at all? I attempted > to retrieve the DATAsource names from using that tag, but good thing > this host turned it off. > > Also, please let me know of any coldfusion hacks you guys might > know. This is, of course, so you and I can have better security! > > > > > > ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
