Jochem, can you be a little more specific? The webserver is not mine, I don't have control of the CF Administrator, and any changes are going to affect other people so I have to make a strong case to my hosting provider that any change I suggest is going to actually solve the problem.
In this case the docs indicate (thanks for the link) that enabling Global Script Protection will protect against cross-site scripting attacks, but I don't think that there's a cross-site attack going on, but an intra-site attack of some kind or "security" setting somewhere changing my EMBED and OBJECT tags to InvalidTag at the moment of a CFFILE WRITE operation. Could that even possibly be done through a cross-site scripting attack? It's not anybody else modifying the .cfm files I write, it's only me which I'm sure of because the logs show nobody else has been in messing with them, and it happens instantly upon a CFFILE WRITE. It does not however happen to any .cfm's I upload via FTP, and if it was a cross-site scripting attack going on they should be affected in that case too. So what could be changing my EMBED and OBJECT tags to InvalidTag? >Karl Simanonok wrote: >> The webserver is running Windows 2003 Server and CF is version >> 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS >> 6.0. Anybody have any idea what setting somewhere (no doubt for >> "security") is changing all my EMBED and OBJECT tags to InvalidTag >> when CFFILE WRITE occurs? > >Enable Global Script Protection: >http://livedocs.adobe.com/coldfusion/8/htmldocs/basiconfig_05.html#1215023 > >Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298974 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
