cfcache security issue?

2010-07-16 Thread Spencer K
Hi cfers, We are considering implementing cfcache on our busy site (CF8), but as I understand it, CFMX creates a page on disk for every unique set of URL variables. So what stops a malicious attacker performing an attack where they just flood a cached page with unique URLs?

Re: cfcache security issue?

2010-07-16 Thread Spencer K
...@gmail.com To: cf-talk cf-talk@houseoffusion.com Sent: Fri, July 16, 2010 9:34:28 AM Subject: Re: cfcache security issue? Use action=clientcache? On Fri, Jul 16, 2010 at 12:11 PM, Spencer K spencer.4...@yahoo.com wrote: Hi cfers, We are considering implementing cfcache on our busy site

ScriptProtect error replacing insecure tag in scope CGI ??

2010-06-24 Thread Spencer K
Hi cftalk: We are running CF8. I am seeing a strange application error: "ScriptProtect error replacing insecure tag in scope CGI. The error occurred on line -1." Strangely, there are very few Google references to this error, and absolutely no explanations / solutions that I can find. We

CF8: Script Protect just doesn't work

2010-06-11 Thread Spencer K
Hi, I am running CF8 and can't get script protect to work at all. In CFIDE I have "Enable Global Script Protection" checked. I also have the following at the top of my Application.cfc: <cfset THIS.scriptprotect="ALL" /> Reboot. That should be enough to protect my app, right? However, it just

Re: CF8: Script Protect just doesn't work

2010-06-11 Thread Spencer K
Well, I have narrowed the problem down significantly. It works just fine if I comment out the following lines in my Application.cfc: OnRequestStart: <cfset setEncoding("form","ISO8859-1")> <cfset setEncoding("url","ISO8859-1")> <cfcontent type="text/html; charset ISO-8859-1"> Does anyone have a clue

htaccess is denying CFINCLUDEs??

2010-06-11 Thread Spencer K
I have a bit of a puzzle here... I have a set of .cfm includes in /proj_includes. To stop people accessing those includes directly, I have an .htaccess file that denies all. The main templates are in the root directory, and they include these templates like this: cfinclude