> Date: Wed, 7 Nov 2001 16:07:57 -0800 > From: "Roberts, William C" <[EMAIL PROTECTED]> > Subject: Need help from the experts... > Message-ID: <[EMAIL PROTECTED]> > > Hello CF gurus, > > I have a CF Server Enterprise with all the CF tags turned OFF except for > <CFCONTENT>. Does anyone know of any security risks that <CFCONTENT> could > have while it's the ONLY CF tag enabled from the CF Admin????? I'm assuming > that to maliciously attack my server, someone would need to upload (using > CFFILE) a CFM, execute it, and download files using the CFCONTENT tag (or > the CFFILE tag). Please help or offer any beneficial information if > possible. > > Thanks in advance, > Bill Roberts
<cfcontent> will allow downloading of any file on the server or network drives if the path is known. The security risk is because of that reason. Cameron ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
