One of the guys in my user group works for a firm that is very concerned
with security.  They recently ran across this situation.  I've offered a
couple of possible explanations, but I'm interested in any other possible
explanation:


-----------------he wrote-------------------
I had an occurrence today that was very strange. I have a CF 4.5.1 Server
running on NT 4.0 using IIS 4.0 with the latest service packs installed. My
site looks at an incoming request and if they don't already have session
variables set (cached via cookies for 48 hours) they are given a password
screen to log in with.

Around 13:00 Central time today a remote user was attempting to log into the
site. His profile in our database did not have him authorized to log in and
he was denied access as expected. While speaking with our Service Desk, who
was attempting to log in as him locally, his remote display brought up a page
that would only have been displayed to the local Service Desk technician.
To the best of my knowledge, there was no password information passed to the
remote user (he still wasn't authorized at that point in our profile
database.)

How could he possibly have received a page from our server that belonged to our
internal technician? The remote user and the local tech are both situated
behind two different firewalls from the server.
I am at a total loss, and am hoping that someone may be able to shed some
light.
-------------------------------------------


I'm thinking he's not getting the full story from the help desk <g>


Mark A. Kruger, MCSE, CFG
www.cfwebtools.com
www.necfug.com
mxc.blogspot.com
..no more brochures!

