Mike,

It didn't say that ColdFusion was ranked number 2 in security flaws; it used
CGI as an example, which ColdFusion is based on, as are ASP, Perl, Awk, C++ to
name a few. However, in reading the article I did notice a concern that
struck me hard.

The world has come to accept that we have applications out there that have
major problems; we accept the fact that a new release will always bring
about new problems. However, companies like MS have not made it clear enough
that problems/patches/service packs are needed to secure holes in the likes
of IIS/Internet Explorer etc.

I like the fact that as soon as something security-wise is known with CF,
it's posted on the Allaire security page. But how many users of Internet
Explorer actually know that v4 has numerous security holes, and there are
probably x amount unknown hidden away in IE5.5, and continue to use it? With
every new release these security holes might have been fixed, plus many new
enhancements. But if for argument's sake IE6 was released, people would not
upgrade straight away and would wait for known issues.

I can accept their concerns, but these known issues might already have
been in previous versions. Anyway, it's not always clear that if a problem
exists the average user is not aware of it. I know people who download the
latest stuff all the time, and use it and complain that this doesn't work
etc. Well, if you use a beta copy then you deserve the heartache I guess, but
if it's not a beta there is no real release to the public of such issues,
enhancements or patches to such applications. We as a development community
know the ins/outs of most of these and know how to keep in touch with the
latest patches etc., but average users do not.

Sorry for being off topic a little, but it needed to be pointed out I
thought! Awareness, it makes it so hard when dealing with clients :-)





regards

Andrew Scott
Senior Cold Fusion Application Developer



-----Original Message-----
From: Mike Connolly [mailto:[EMAIL PROTECTED]]
Sent: 01 November 2000 22:17
To: CF-Talk
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: ColdFusion is vulnerable?


Have a look at this article listing ColdFusion as number 2 in top 10
internet security threats...
http://www.sans.org/topten.htm

Comments on a postcard please?



Sapphire Technologies Ltd
http://www.sapphire.net
----------------------------------------------------------------------------
--------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a
message with 'unsubscribe' in the body to [EMAIL PROTECTED]