"Security by obscurity is not a good mechanism... let everyone see."

Yes really...
That's what MS does... Hide everything so you can't see the holes?

This community may find out you're NOT as secure as you thought?



On 8/1/07, Dean H. Saxe <[EMAIL PROTECTED]> wrote:
> Security by obscurity is not a good mechanism... let everyone see.
>
> -dhs
>
>
> Dean H. Saxe, CISSP, CEH
> [EMAIL PROTECTED]
> "What is objectionable, what is dangerous about extremists is not that they
> are extreme, but that they are intolerant."
>     -- Robert F. Kennedy, 1964
>
>
> On Aug 1, 2007, at 3:24 PM, John Mason wrote:
>
> Dean, I'll need to email you off list after the meeting. I naturally don't
> like sharing that stuff in the open for everyone to see.
>
> For everyone out there - needless to say, don't just depend on the CF level
> of security. Security should always include multiple layers. Otherwise it
> won't hold up very well.
>
> John Mason
> [EMAIL PROTECTED]
> 770.337.8363
>
> www.FusionLink.com - ColdFusion and Flex hosting
> Now offering ColdFusion 8 Enterprise hosting
> FREE Subversion hosting
>
> ________________________________
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe
> Sent: Wednesday, August 01, 2007 3:17 PM
> To: [email protected]
> Subject: Re: [ACFUG Discuss] CF Service Account
>
> Sandbox security is fine when it is backed up by OS-level security.
>
> What hack do you refer to? That's a new one on me.
>
> -dhs
>
>
> Dean H. Saxe, CISSP, CEH
> [EMAIL PROTECTED]
> "[U]nconstitutional behavior by the authorities is constrained only by the
> peoples' willingness to contest them"
> --John Perry Barlow
>
>
> On Aug 1, 2007, at 3:12 PM, John Mason wrote:
>
> There's some, but there's a known remote Java class hack to get around it.
> I'm testing CF8 for this issue. BlueDragon doesn't have this issue by the
> way. For a lot of things sandboxing is certainly good if people would just
> use it ;)
> But if you have COM objects on and CF is running under the local service
> account, which a lot of people do for some reason, you can pretty much do
> anything you want to a server. Taking CF off local service account achieves
> a lot of known security issues outright and it's easy to implement. That's
> why I jump on that whenever possible.
> John Mason
> [EMAIL PROTECTED]
> 770.337.8363
> www.FusionLink.com - ColdFusion and Flex hosting
> Now offering ColdFusion 8 Enterprise hosting
> FREE Subversion hosting
>
> ________________________________
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Arehart
> Sent: Wednesday, August 01, 2007 2:59 PM
> To: [email protected]
> Subject: RE: [ACFUG Discuss] CF Service Account
>
>
> No value in the resource/sandbox security? :-)
> /charlie
>
> ________________________________
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Saxon
> Sent: Wednesday, August 01, 2007 2:05 PM
> To: [email protected]
> Subject: RE: [ACFUG Discuss] CF Service Account
>
>
>
>
> Thank you John and Dean for your feedback. The CF script needs to write the
> contents of a web form to a folder on another server so that an application
> on that server can read in the form results.
>
>
> -------------------------------------------------------------
> Annual Sponsor - Figleaf Software
>
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @
> http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by FusionLink
> -------------------------------------------------------------
>


-- 
<K />

"A government big enough to give you everything you want, is strong
enough to take everything you have."
-Thomas Jefferson

"If you're a horse, and someone gets on you, and falls off, and then
gets right back on you; I think you should buck him off right away."
-Today's deep thoughts

"The winner in any meeting is the one with the highest caffeine
resistance and bladder capacity" -Roger Wright


-------------------------------------------------------------
Annual Sponsor FigLeaf Software - http://www.figleaf.com

To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
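
The service-account point raised in the quoted thread can be checked on a Windows host with a short audit. This is an added example, not part of the original messages or of any ColdFusion tooling; it assumes the ColdFusion services have "ColdFusion" in their name or display name, and the function name is hypothetical.

```powershell
# Added example: report which Windows account each ColdFusion service runs as.
# Assumption: the services can be found by the pattern *ColdFusion*.

# Built-in shared identities. LocalSystem has full control of the machine;
# none of the three is a dedicated, individually permissioned account.
$builtinAccounts = @(
    'LocalSystem',
    'NT AUTHORITY\LocalService',
    'NT AUTHORITY\NetworkService'
)

function Get-CfServiceAccountAudit {
    param([string]$NamePattern = '*ColdFusion*')

    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -like $NamePattern -or $_.DisplayName -like $NamePattern } |
        ForEach-Object {
            [pscustomobject]@{
                Service     = $_.Name
                DisplayName = $_.DisplayName
                State       = $_.State
                StartMode   = $_.StartMode
                RunsAs      = $_.StartName
                # -in compares case-insensitively, so "NT Authority\..." also matches
                BuiltIn     = $_.StartName -in $builtinAccounts
            }
        }
}

$audit = @(Get-CfServiceAccountAudit)

if (-not $audit) {
    Write-Warning 'No service matched the pattern; adjust -NamePattern for this host.'
}

$audit | Format-Table -AutoSize

# Flag every service that is not running under a dedicated account.
$audit | Where-Object { $_.BuiltIn } | ForEach-Object {
    Write-Warning ("{0} runs as {1}; move it to a dedicated low-privilege account with only the file and network rights the application needs." -f $_.Service, $_.RunsAs)
}
```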


