isn't the bug a microsoft iis issue? i have tried it on asp pages and can
see their code as well...it's not just a cf problem. could this be another
"big brother" deal with microsoft by allowing them to put in the +.htr and
seeing our source code? and don't think that if you put all your variables
on the application.cfm page it's safe....the +.htr bug can expose that page
as well.
jason
>From: Jennifer <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: CF-Talk <[EMAIL PROTECTED]>
>Subject: RE: The +.htr bug strikes again
>Date: Thu, 21 Dec 2000 12:50:38 -0600
>
>Look at the security section of the Allaire site and if you can't find it
>there, search for information on the Microsoft site. I promise not to hack
>your site in the meantime.
>
>At 10:59 AM 12/22/00 -0500, you wrote:
> >What is the patch? Where can we get it?
>
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
