Raymond Camden wrote:
>>I would kill anybody who tried that on a server of mine :)
>
> Why? This is no different than any other HTTP request. It's only an
> issue if they didn't cache the result. To me, this is the same as
> someone doing <img src="my server">. If they hit me too many times, I
> stop them.
I mean: who runs that cfx tag from one of my servers.
>>Doing that requires stuff like parsing HTML. But also parsing javascript
>>and other nice goodies coming from other sites of which you do not know
>>the intentions. Just imagine if the URL you are requesting is actually a
>>redirect to file:///c:\winnt\odbc.ini or simply has a frame that
>>displays that.
>
> Err, why is this an issue? If I parse the result, I can very easily
> ignore any redirects. And why would you (this is your server remember)
> perform a redirect to file://etc?? Even if you did, for example, return
> a metatag that did a redirect, it would be on my server and be my choice
> to follow the redirect - but since it's my server, it wouldn't hurt
> anyone.
Hosted server filesystem layout:

d:\
  www\
    customer1\
    customer2\

If that tag is installed, customer1 can make an image of the URL
file://d:\www\customer2\ and he won't be stopped by anything.
Jochem
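
The risk discussed in this thread, a server-side tag that fetches a caller-supplied URL and follows redirects to `file://` targets, is usually mitigated by validating the scheme of the first URL and of every redirect hop before fetching it. The following is an added example, not part of the original messages and not the cfx tag's code; the function names, host names and the redirect table are constructed for illustration, and the same check would apply to frame and image sources a renderer loads.

```python
from urllib.parse import urlsplit, urljoin

ALLOWED_SCHEMES = {"http", "https"}   # everything else (file, ftp, ...) is refused
MAX_HOPS = 5                          # assumed limit on redirect depth


def is_allowed(url):
    """Return True only for absolute http(s) URLs that name a host."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.hostname)


def follow(start, redirects):
    """Walk a redirect chain, validating each hop before it would be fetched.

    `redirects` is a constructed dict standing in for the Location header or
    meta-refresh target a real fetch would return for each URL.
    Returns (final_url, None) on success or (None, reason) when blocked.
    """
    url = start
    seen = set()
    for _ in range(MAX_HOPS + 1):
        if not is_allowed(url):
            return None, "blocked target: " + url
        if url in seen:
            return None, "redirect loop"
        seen.add(url)
        target = redirects.get(url)
        if target is None:
            return url, None              # no further redirect: safe to render
        url = urljoin(url, target)        # resolve relative redirects against the hop
    return None, "too many redirects"


if __name__ == "__main__":
    # Constructed sample: a page on customer1's site redirects to a local file.
    table = {"http://customer1.example/page": "file:///c:\\winnt\\odbc.ini"}
    print(follow("http://customer1.example/page", table))
    print(follow("file://d:\\www\\customer2\\", {}))
    print(follow("http://customer1.example/ok", {}))
```

On a shared host the scheme check complements, rather than replaces, running each customer's code under an account that cannot read the other customers' directories.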