> > By that criterion, what could you use? Very few things are > > truly secure by default. CF isn't. Web servers aren't. > > Web servers don't let you change any file on the file system > from anywhere in the world. Certainly Apache doesn't in it's > default configuration. Can't speak for IIS, wouldn't want to :-)
I think you're missing my point. An attacker needn't change any file on the filesystem in order to root a server. My point was simply that nothing is secure by default, and if you're going to run something you need to be aware of the potential vulnerabilities that are exposed by whatever you run. As for IIS's security, IIS 6 is pretty good in its default configuration. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:217232 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
