Hi Claude,
Yes, it is safe to allow only GET and POST verbs. Be aware, limiting
yourself to these verb may have unintended consequences, such as when trying
execute a remote debugging session against the server (I don't know how many
CFers do that). You can limit the verbs via the ISAPI Extensions list in IIS:
IIS Manager > Right-click the website > Properties > Home Directory tab >
Configuration Button > Mappings > Find .cfm, .cfc and any other extensions that
you are worried about for CF > Edit > Verbs: "Limit to" ...
Matt Small
Microsoft IIS Engineer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know
on the House of Fusion mailing lists
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:326643
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
