| This is just a matter of curiosity for me now (damned trait of mine) so
| don't waste your time doing my own research for me... but if any of you
| already know: Where can I read a specific example of what this security
| risk actually IS - if it involves something more than exploiting bad
| developer practices?

You may have to be careful so that the handling and rules match different scenarios. If you have set up the cfml handler to process files named '.cfm', what happens when there is a request for a cFm file? If the handler is not processing the file, and the file system is not case sensitive (e.g. Windows), then that file might be served as text instead - giving the client/attacker full access to your source code.

| Forgive my profanity,
| Al
|
| On 5/14/2012 11:13 AM, Matthew Woodward wrote:
| | Until a malicious cracker decides to pick on you of course ...
|
| --
| online documentation: http://openbd.org/manual/
| google+ hints/tips: https://plus.google.com/115990347459711259462
| http://groups.google.com/group/openbd?hl=en
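
The mismatch described in the reply above, as an added example that is not part of the original thread: a small model of a handler mapping compared exactly versus one compared after case-folding, used to list which requests would fall through to static file serving. The function names, the `.cfm`/`.cfc` mapping and the sample files and requests are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumption: the extensions mapped to the CFML engine on this server.
HANDLER_EXTS = {".cfm", ".cfc"}

def _ext(url_path):
    # Judge the decoded path, the same form the file lookup will use.
    return posixpath.splitext(unquote(url_path))[1]

def _on_disk(url_path, files, fs_case_insensitive):
    name = unquote(url_path).lstrip("/")
    if fs_case_insensitive:  # e.g. a Windows volume
        return name.lower() in {f.lower() for f in files}
    return name in files

def route_exact(url_path, files, fs_case_insensitive):
    """Mapping compared exactly: the setup the reply warns about."""
    if _ext(url_path) in HANDLER_EXTS:
        return "handler"
    return "static" if _on_disk(url_path, files, fs_case_insensitive) else "not-found"

def route_folded(url_path, files, fs_case_insensitive):
    """Extension is case-folded before the mapping is consulted."""
    if _ext(url_path).lower() in HANDLER_EXTS:
        return "handler"
    return "static" if _on_disk(url_path, files, fs_case_insensitive) else "not-found"

def source_exposures(url_paths, files, fs_case_insensitive, router):
    """Requests the router would answer with raw CFML source as static text."""
    return [p for p in url_paths
            if router(p, files, fs_case_insensitive) == "static"
            and _ext(p).lower() in HANDLER_EXTS]

# Constructed sample data: files in the web root and incoming request paths.
FILES = {"index.cfm", "logo.png"}
REQUESTS = ["/index.cfm", "/index.cFm", "/INDEX.CFM", "/logo.png"]

if __name__ == "__main__":
    for insensitive in (True, False):
        print("case-insensitive FS:", insensitive,
              "| exact:", source_exposures(REQUESTS, FILES, insensitive, route_exact),
              "| folded:", source_exposures(REQUESTS, FILES, insensitive, route_folded))
```

Running the same comparison against a real server's mapping rules and a list of request paths from its access log shows whether any mixed-case request was answered by the static file handler.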
