What about CFENCODE .. I know it's not a solution, but it is a way to
'protect' your code. This .htr invulnerability is one, but sure there will
come others.

-Johan

-----Original Message-----
From: Rick Osborne [mailto:[EMAIL PROTECTED]]
Sent: vrijdag 4 augustus 2000 10:03
To: [EMAIL PROTECTED]
Subject: RE: Allaire security problem - anyone know solution?


You're kidding, right?

http://devex.allaire.com/developer/gallery/info.cfm?ID=B61C031D-2CE5-11D4-83D700508B94F85A&method=Full
http://www.rixsoft.com/ColdFusion/CFX/CFMEncrypt/
http://packetstorm.securify.com/9907-exploits/cfdecrypt.txt
http://shroom.dv8.org/bmp/crypt.cgi
http://www.rewted.org/exploits/sorted-by-date/07-1999/cfdecrypt.c

CF Encryption is broken.  It'll keep honest people out of your code, but it
is by no means a "solution".

(Sorry, I'm not trying to be mean or anything, I just don't think it's good
that people put all their eggs in one basket.  Or, in this case, all of
their faith in a broken system.)

-Rick

-----Original Message-----
From: Johan Coens [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 04, 2000 3:46 AM
To: [EMAIL PROTECTED]
Subject: RE: Allaire security problem - anyone know solution?


One easy solution to do:
CFENCRYPT it



-----Original Message-----
From: Mooner Ent [mailto:[EMAIL PROTECTED]]
Sent: vrijdag 4 augustus 2000 5:50
To: [EMAIL PROTECTED]
Subject: Re: Allaire security problem - anyone know solution?


Allaire security bulletin says

Originally Posted: May 22, 2000
Last Updated: May 22, 2000

Why are we just finding out that our entire Server side code can be read???
I check the security section often, did I overlook it?

We found out about DATA much sooner.

Rick



Excuse the rant.

----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
