> Yep. One bug recently found in IIS+CF give source code of any *.cfm. AFAIK
> many websites on CF can be broken very easily then.
I am pretty sure that the issue that you are referring to release code for
ASP, JSP, and any other server side scripting as well. That issue had
nothing to do with Cold Fusion whatsoever. As long as you code efficiently
and code with security issues in mind you CF apps will be secure. The big
problem is that you need to keep up to date with the thousands of patches
put out by Microsoft for IIS.
-Greg
----- Original Message -----
From: "Gena" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, November 05, 2000 8:06 PM
Subject: Re: Amazon using CF
> > Do you think that the largest online e-tailor wants people to know what
> > language and app servers they use? That would aid hackers quite nicely,
> > huh?
>
> Yep. One bug recently found in IIS+CF give source code of any *.cfm. AFAIK
> many websites on CF can be broken very easily then.
>
> Regards,
> Gennadi
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
