On 17 March 2014 21:49, <> wrote: > > >>and then when their site gets owned, CF gets the blame. > > On another hand, why Adobe hasn't change the way CF is installed if its > not safe? >
"backwards compatibility", and general lack of taking security seriously. They offer lipservice to security, but are too paralysed at the thought of alienating their more uniformed install base that they have dragged their heels when it comes to this sort of thing. That said... all the exploits last year would not have been possible to utilise if the people administering the CF servers actually did their jobs professionally. I'm the first one to blame Adobe for shitty exploitable code, but it's the idiots that leave well identified vectors open to abuse that have caused all the problems recently. But I will swing back towards Adobe (and Macromedia before them) being to blame here for engendering this idea that one can be a plank and still use CF. So now we have a community full of planks (and we *seriously* do). It was/is irresponsible for Macromedia/Adobe to commercially exploit this. IMO. -- Adam ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357987 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm