> isn't the bug a microsoft iis issue? i have tried it on asp
> pages and can see their code as well...it's not just a cf
> problem. could this be another "big brother" deal with microsoft
> by allowing them to put in the +.htr and seeing our source code?
Yes, it's an IIS issue.
No, it's not a "big brother" deal. My guess is that no one at Microsoft
gives a rat's ass about any of our CF code.
The problem here is more that Microsoft software, like that from many other
vendors, provides lots of functionality that the vast majority of users
don't use or want. With things like MS Office, that results in bloatware.
With Outlook, it results in email macro viruses. With things like IIS, it
results in server security problems.
The key is to not install anything you don't need, and to disable what you
can't avoid installing but still don't need. Microsoft has guidelines for
securing IIS, but the vast majority of people using IIS - I hesitate to
refer to them as "administrators" - simply install it, with all its sample
code and ISAPI mappings.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
