Ah, but that's my point about the Resource/Sandbox security. When I asked if
people had considered it, I definitely meant enabling other than the
default settings, because, no, out of the box, it's wide open.
Still, I'm not denying the power and value of OS security to back it up.
Just saying,

Over the past few days I've noticed some rudimentary attempts to do some SQL
injection type attacks over the URL string on a few of our sites.
The stuff I'm getting is your typical '1=1 and user0' type stuff added to
the end of URLs. Looks almost like they may be using Google to hack for

I'm with you. If you are confident in your code, don't stress. But
keep watching logs and seeing what's happening.
Curious... do you guys see the probes originating from the same group
of IPs?
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
Dissent is the purest form of patriotism.

Or get an open source IDS like Snort...
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
I have always strenuously supported the right of every man to his
own opinion, however different that opinion might be to mine. He who
denies another this right makes a slave of himself to his present

Moving to ColdFusion 8
http://training.figleaf.com/Courses/movingtocoldfusion8.cfm
Google Mini Fundamentals
http://training.figleaf.com/Courses/Google_Mini_Training.cfm
Regards,
Steve Drucker
CEO
Fig Leaf Software
Adobe / Google / Paperthin Premier Consulting and Training Partners

That's not so bad.
A few months ago, I ran my daily report showing user sessions,
locale, browsers, etc. Every time I ran the report, the page was
hijacked and I was taken off site to another site. And I kept
asking WTF?
Code was fine, hadn't touched the code in weeks. Well, I store