Hi all,
Wondering if anyone has changed the file extension to which ColdFusion
engine is associated. A client of mine is asking for this, and I'm not
seeing any big problem with it myself. Wondered what road-blocks,
gotchas, etc., are out there that I'm just not thinking of right now.
The client
Wondering if anyone has changed the file extension to which ColdFusion
engine is associated. A client of mine is asking for this, and I'm not
seeing any big problem with it myself. Wondered what road-blocks,
gotchas, etc., are out there that I'm just not thinking of right now.
The client is
Thanks Dave,
I do know that it can done -- pretty easily. Just looking for the
gotchas. The hint about not mapping static file extensions is
appreciated. In fact, just such an extension was requested, and I
recommended against it. But...
Cheers,
Kris
On Mon, Jun 14, 2010 at 7:05 PM, Dave
I do know that it can done -- pretty easily. Just looking for the
gotchas. The hint about not mapping static file extensions is
appreciated. In fact, just such an extension was requested, and I
recommended against it. But...
Well, this sounds like it's not your idea, but rather your client's
On Mon, Jun 14, 2010 at 4:55 PM, Kris Jones wrote:
Hi all,
Wondering if anyone has changed the file extension to which ColdFusion
engine is associated. A client of mine is asking for this, and I'm not
seeing any big problem with it myself. Wondered what road-blocks,
gotchas, etc., are out
On Mon, 2010-06-14 at 19:17 -0400, Dave Watts wrote:
I've never seen any compelling justification for doing this.
I've seen a client use it to password protect HTM/HTML files using the
benefits of good old application.cfm (being that it runs before any CF
file is run or those extensions
Client is interested in obscuring that it's CF. They know that it's
not fool-proof by any means. They don't have anything against CF,
obviously. If they were running a php site, they'd want to obscure
that too.
Cheers,
Kris
On Mon, Jun 14, 2010 at 8:03 PM, Bryan Stevenson
Is the site structured well? HREFs using something like
linkTo(your/link) vs. your/link?
:Den
--
I believe firmly that in making ethical decisions, man has the
prerogative of true freedom of choice.
Corliss Lamont
On Mon, Jun 14, 2010 at 6:47 PM, Kris Jones wrote:
Client is interested in
There are other ways such as using SES urls or not referencing file names
directly. Reference the folder only and make sure that index.cfm is the
default. URL's can be along the lines of mysite.com/key/value
Again this only obscures that ColdFusion is being used.
Why does the client want
Client is interested in obscuring that it's CF. They know that it's
not fool-proof by any means. They don't have anything against CF,
obviously. If they were running a php site, they'd want to obscure
that too.
That only obscures things for regular users. Any scan tool will still
fingerprint
I've seen a client use it to password protect HTM/HTML files using the
benefits of good old application.cfm (being that it runs before any CF
file is run or those extensions mapped to be run via CFmeaning you
can use standard CF built security for non-CF files).
But once you do that,
It raises the question of whether there exists a set of instructions
to follow that will achieve the goal of completely masking the fact
that you are running ColdFusion, even from fingerprinting scan tools.
I have never seen any whitepapers on this and would assume that none
exist. Some major Web
It raises the question of whether there exists a set of instructions
to follow that will achieve the goal of completely masking the fact
that you are running ColdFusion, even from fingerprinting scan tools.
I have never seen any whitepapers on this and would assume that none
exist. Some
13 matches
Mail list logo
