What about CFENCODE .. I know it's not a solution, but it is a way to
'protect' your code. This .htr invulnerability is one, but sure there will
come other.
-Johan
-----Original Message-----
From: Rick Osborne [mailto:[EMAIL PROTECTED]]
Sent: Friday 4 August 2000 10:03
To: [EMAIL PROTECTED]
Subject: RE: Allaire security problem - anyone know solution?
You're kidding, right?
http://devex.allaire.com/developer/gallery/info.cfm?ID=B61C031D-2CE5-11D4-83D700508B94F85A&method=Full
http://www.rixsoft.com/ColdFusion/CFX/CFMEncrypt/
http://packetstorm.securify.com/9907-exploits/cfdecrypt.txt
http://shroom.dv8.org/bmp/crypt.cgi
http://www.rewted.org/exploits/sorted-by-date/07-1999/cfdecrypt.c
CF Encryption is broken. It'll keep honest people out of your code, but it
is by no means a "solution".
(Sorry, I'm not trying to be mean or anything, I just don't think it's good
that people put all their eggs in one basket. Or, in this case, all of
their faith in a broken system.)
-Rick
-----Original Message-----
From: Johan Coens [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 04, 2000 3:46 AM
To: [EMAIL PROTECTED]
Subject: RE: Allaire security problem - anyone know solution?
One easy solution to do:
CFENCRYPT it
-----Original Message-----
From: Mooner Ent [mailto:[EMAIL PROTECTED]]
Sent: Friday 4 August 2000 5:50
To: [EMAIL PROTECTED]
Subject: Re: Allaire security problem - anyone know solution?
Allaire security bulletin says
Originally Posted: May 22, 2000
Last Updated: May 22, 2000
Why are we just finding out that our entire Server side code can be read???
I check the security section often, did I overlook it?
We found out about DATA much sooner.
Rick
Excuse the rant.
----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.