Sadly quite common, sysadmins and hosting companies even do it The reason is because they think it works in the same way as cgi scripts and is locked down by the same rules that php et al are, which is not the case because it runs asca service not a process
Russ Michaels www.michaels.me.uk cfmldeveloper.com cflive.net cfsearch.com On 28 Mar 2014 01:52, "Raymond Camden" <raymondcam...@gmail.com> wrote: > > On Thu, Mar 27, 2014 at 8:12 PM, Maureen <mamamaur...@gmail.com> wrote: > > > > > And that "direction on how to secure it more" exists where exactly? > > Is it in the install instructions, or only in some obscure document > > that a person unfamiliar with the need for security might not know > > about? > > > > > So to be clear - there are people installing servers who don't know that > security is important? > > Nothing can help them. > > I don't know about you - but pretty much *any* tech I use, I know to google > "foo security" to see what resources exist for securing the app, install, > etc. Number one result for coldfusion security was > > http://www.adobe.com/devnet/coldfusion/security.html > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358150 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm