> Thats the trouble with bundling things. I used to think it was nice but > really it creates > these types of things.
Well, CF contains TONS of bundled items; any of these items could conceivably have some unknown vulnerability. Database drivers, COM and .NET interfaces, all sorts of third-party libraries, etc, etc. > Have you seen the video of the guy hacking sites with this? No. But it's a pretty easy thing, once you know how the vulnerability works, I think. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324265 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4