> The Adobe document which describes what to do is dated May 2010, almost 4 years old.

Indeed, and yet people still install the base server, run credit card transactions through it without patching the server, following the lockdown guide, or otherwise following good security practices and then when their site gets owned, CF gets the blame. Granted there are occasionally vulnerabilities found, just like there are vulnerabilities in Windows, *nix, and pretty much every other piece of software that faces the Internet. If the system admins, hosting companies, and developers who run the CF servers don't keep up on the security bulletins and apply patches when released/tested, it makes the rest of us look bad and gives CF a bad reputation to non-CF developers.

Case in point, my company recently hired a Flash developer to do some work and when he saw the .cfm extension on some of our API calls he actually offered us security consulting services (yeah, from a Flash developer) because obviously we don't know what we're doing if we are running CF on the back-end. His attitude was that if we're running CF we are probably already hacked and don't know it yet. Bah! Developing applications is complicated enough without the tool being constantly berated in the industry.

So anyway, that's your homework assignment for tonight. Go find out if your server is patched and locked down. I don't care if you run your own server, have an in-house system admin, or use an outside hosting company. Find out what the patch level is and whether it's been locked down properly. Go use hackmycf.com to find trouble spots if you can. If the server isn't patched, make that your mission.

Go patch and lock down your servers, people! I don't want to see Brian Krebs featuring your site next week unless it's in the vein of "wow, these CF people really got their s*** together!".

-Justin