Can people upload files to your site?
If so, are they restricted on the file types? (don't want any .cfm or any other
executables uploaded)
If not, have you restricted the REGISTRY, CFDIRECTORY and CFFILE in CF
ADMIN?

Are you on NT4 with IIS? Make sure the update for the .htr has been
installed (i.e. try: http://domainname/index.cfm+.htr and look at the
source; if it contains CF code, better go get the update).


When pages are accessed with URL variables and doing queries, look for
correct datatypes being passed and that semi-colons aren't in the URL
variable being used in the query....

Hmm... that's a few...



        Terry Bader
        IT/Web Specialist
        EDO Corp - Combat Systems
        (757) 424-1004 ext 361 - Work
        [EMAIL PROTECTED]   


        (757)581-5981 - Mobile
        [EMAIL PROTECTED]
        icq: 5202487   aim: lv2bounce
        http://www.cs.odu.edu/~bader
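As an added illustration of the two checks described above (the URL variable feeding a query, and the upload file-type restriction), here is example CFML written for this archive page; it is not Terry's or the list's code, and the datasource name, upload directory and form field name are assumed:

```cfml
<!--- Constructed example: assumed datasource "siteDSN", assumed upload
      directory outside the web root, assumed form field "userfile" --->

<!--- 1. URL variable used in a query: require a plain integer string.
      A strict regex is used rather than isNumeric(), which also accepts
      forms like "1e3"; it also rejects semicolons and anything else that
      is not a digit, so nothing unexpected reaches the SQL text. --->
<cfif NOT isDefined("URL.id") OR NOT REFind("^[0-9]{1,10}$", URL.id)>
    <cfabort showerror="Invalid request">
</cfif>
<cfquery name="getItem" datasource="siteDSN">
    SELECT name, price
    FROM items
    WHERE id = <cfqueryparam value="#URL.id#" cfsqltype="CF_SQL_INTEGER">
</cfquery>

<!--- 2. File upload: save outside the web root, then allow-list the
      extension of the file that was actually written and delete anything
      else (.cfm, .exe and so on never stay on disk). --->
<cfset uploadDir = "D:\uploads\">   <!--- assumed path, not under wwwroot --->
<cfset allowedExt = "gif,jpg,jpeg,png,pdf">
<cffile action="upload"
        filefield="userfile"
        destination="#uploadDir#"
        nameconflict="makeunique">
<!--- cffile.serverFile is the name CF really used (may differ after makeunique) --->
<cfset savedName = cffile.serverFile>
<cfset ext = ListLast(savedName, ".")>
<!--- ListLen < 2 means no extension at all; treat that as not allowed too --->
<cfif ListLen(savedName, ".") LT 2 OR NOT ListFindNoCase(allowedExt, ext)>
    <cffile action="delete" file="#uploadDir##savedName#">
    <cfabort showerror="File type not permitted">
</cfif>
```

Because the upload directory is not under the web root, even a file that slips past the extension check cannot be requested and executed through IIS.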
> -----Original Message-----
> From: Robert Everland [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 09, 2001 4:14 PM
> To: CF-Talk
> Subject: Little OT: Security on NT, IIS, and CF
> 
> 
>       Ok we are about to go live here soon and am looking at security to
> really lock down the servers. Now I know people can append things to the URL;
> I check for that, or add things to a form, I check for that also. Only thing
> I need to know is if there is still a security lax with MDAC where someone
> could send a query to a URL and drop a table. Can that still be done? I am
> slowly going through Microsoft's checklist for everything. Is there an
> Allaire, err, Macromedia checklist? Also, anyone have any recommendations for a
> security scanner so I can double check everything after I am done?
> 
> Robert Everland III
> Web Developer
> Dixon Ticonderoga
> 
>

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists