That is my understanding as well. Dave Watts, CTO, Fig Leaf Software
-----Original Message----- From: Adrian Lynch <cont...@adrianlynch.co.uk> Sent: Sunday, 05 July, 2009 06:42 To: cf-talk <cf-talk@houseoffusion.com> Subject: RE: New CF8 vulnerability If you mean your FCKEditor is accessed in a secure area, I don't think that matters. It's whether or not certain scripts can be accessed at yourdomain.com/cfide/scripts/bla/bla/eek.cfm. Someone correct me if this isn't the case... Adrian > -----Original Message----- > From: Matt Robertson [mailto:websitema...@gmail.com] > Sent: 04 July 2009 05:01 > To: cf-talk > Subject: Re: New CF8 vulnerability > > > Supposedly on July 6 a new version will be released that is at least > better, if not 'fixed'. > > Kind of glad I put mine behind logins from the get-go. I am guessing > that this affects all FCKEditor installations and not just CF8's > cftextarea. > > Way back when, an earlier cf connector was so full of holes I wound up > rewriting it with another developer's help and posting it on their > forum. Guess that since then its code got a lot more complex but not > a lot better. > > -- > -...@robertson-- > Janitor, The Robertson Team > mysecretbase.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324223 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
