Re: Danger of the +.htr bug
Is there any danger to the +.htr beyond being able to view the source code of the site? ie if you want my source code ... 1.) Why? I don't want it, but am forced to code it, and 2.) It might be easier to ask me for it, cause I'll zip up all the files and email it to you. Eric From: "Jamie Keane" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: Re: Cool CF site - webos.org Date: Tue, 19 Dec 2000 08:57:29 -0500 The fact that they don't have the +.htr bug patched. Very interesting. Cheers, Jamie -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 5:41 PM Subject: Re: Cool CF site - webos.org Pardon, do you mean this web site or my message??? Regards - Original Message - From: "Jamie Keane" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 9:20 AM Subject: Re: Cool CF site - webos.org *ROFL* That's the funniest thing I've seen this month! -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 4:54 PM Subject: Re: Cool CF site - webos.org And what is cool on this site? I found only one thing - it is possible to get all source code from this URL. It is not cool. - Original Message - From: "Eric Fickes" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 8:00 AM Subject: Cool CF site - webos.org Hello all, I was wondering if any of you have seen/used www.webos.org yet? I noticed that it's using CF, so I was hoping that some of you may have an answer to my question. WebOs emulates a desktop, and pops up windows within one large parent window. I would love to do this on my inhouse site for navigation and was wondering if any of you knew how to do this. E ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Danger of the +.htr bug
That is a pretty narrow point of view :) Think of it this way. You are a company which has invested great amounts of time to create a really awesome site that generates millions of dollars every month. The code is the companies intellectual property and its kind of suicidal for a business to just hand out their intellectual property and say "here you go why dont you set up a competative site using our code!!" The code can represent a culmination of hundreds if not thousands of man hours which can just be taken by appending +.htr to a URL. Not Cool. Jeremy Allen elliptIQ Inc. -Original Message- From: Eric Dawson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 19, 2000 11:15 AM To: CF-Talk Subject: Re: Danger of the +.htr bug Is there any danger to the +.htr beyond being able to view the source code of the site? ie if you want my source code ... 1.) Why? I don't want it, but am forced to code it, and 2.) It might be easier to ask me for it, cause I'll zip up all the files and email it to you. Eric From: "Jamie Keane" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: Re: Cool CF site - webos.org Date: Tue, 19 Dec 2000 08:57:29 -0500 The fact that they don't have the +.htr bug patched. Very interesting. Cheers, Jamie -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 5:41 PM Subject: Re: Cool CF site - webos.org Pardon, do you mean this web site or my message??? Regards - Original Message - From: "Jamie Keane" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 9:20 AM Subject: Re: Cool CF site - webos.org *ROFL* That's the funniest thing I've seen this month! -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 4:54 PM Subject: Re: Cool CF site - webos.org And what is cool on this site? I found only one thing - it is possible to get all source code from this URL. It is not cool. - Original Message - From: "Eric Fickes" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 8:00 AM Subject: Cool CF site - webos.org Hello all, I was wondering if any of you have seen/used www.webos.org yet? I noticed that it's using CF, so I was hoping that some of you may have an answer to my question. WebOs emulates a desktop, and pops up windows within one large parent window. I would love to do this on my inhouse site for navigation and was wondering if any of you knew how to do this. E ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Danger of the +.htr bug
As the database name and table names are exposed, in essence a hacker could delete data from the databasewhich is not good Nick Betts www.poulternet.com -Original Message- From: Eric Dawson [mailto:[EMAIL PROTECTED]] Sent: 19 December 2000 16:15 To: CF-Talk Subject: Re: Danger of the +.htr bug Is there any danger to the +.htr beyond being able to view the source code of the site? ie if you want my source code ... 1.) Why? I don't want it, but am forced to code it, and 2.) It might be easier to ask me for it, cause I'll zip up all the files and email it to you. Eric From: "Jamie Keane" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: Re: Cool CF site - webos.org Date: Tue, 19 Dec 2000 08:57:29 -0500 The fact that they don't have the +.htr bug patched. Very interesting. Cheers, Jamie -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 5:41 PM Subject: Re: Cool CF site - webos.org Pardon, do you mean this web site or my message??? Regards - Original Message - From: "Jamie Keane" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 9:20 AM Subject: Re: Cool CF site - webos.org *ROFL* That's the funniest thing I've seen this month! -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 4:54 PM Subject: Re: Cool CF site - webos.org And what is cool on this site? I found only one thing - it is possible to get all source code from this URL. It is not cool. - Original Message - From: "Eric Fickes" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 8:00 AM Subject: Cool CF site - webos.org Hello all, I was wondering if any of you have seen/used www.webos.org yet? I noticed that it's using CF, so I was hoping that some of you may have an answer to my question. WebOs emulates a desktop, and pops up windows within one large parent window. I would love to do this on my inhouse site for navigation and was wondering if any of you knew how to do this. E ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Danger of the +.htr bug
Well .. the main danger is that someone can find a way to compromise your site's security. Someone could get the user/pass for your database, find your directory structure, view all the intricate details of your forms and use that information to write their own forms to exploit your action pages somehow .. just bad stuff in general .. Think about it. Todd Ashworth - Original Message - From: "Eric Dawson" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 11:14 AM Subject: Re: Danger of the +.htr bug | Is there any danger to the +.htr beyond being able to view the source code | of the site? | | ie if you want my source code ... 1.) Why? I don't want it, but am forced to | code it, and 2.) It might be easier to ask me for it, cause I'll zip up all | the files and email it to you. | | Eric ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Danger of the +.htr bug
Is there any danger to the +.htr beyond being able to view the source code of the site? ie if you want my source code ... 1.) Why? I don't want it, but am forced to code it, and 2.) It might be easier to ask me for it, cause I'll zip up all the files and email it to you. I guess it depends on what you have in your code. Most people would consider file mappings, db usernames and passwords, and db table and field names rather *sensitive* information, very useful to a determined hacker. -ron ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Danger of the +.htr bug
At 10:14 AM 12/19/00 -0600, you wrote: Is there any danger to the +.htr beyond being able to view the source code of the site? ie if you want my source code ... 1.) Why? I don't want it, but am forced to code it, and 2.) It might be easier to ask me for it, cause I'll zip up all the files and email it to you. Being able to view the source code on the site can be very dangerous, especially if it includes any usernames and passwords. Even if it doesn't contain usernames and passwords, it can betray other vulnerabilities in the site, but if it does have usernames and passwords to the database, all the data is compromised. Or in other words, I hope you aren't storing credit card numbers. Even encrypted credit card numbers can be vulnerable if your source is vulnerable-- cause that's where the encryption scheme is. If *we* want to see your source, we'll ask, but more malicious types will look for common problems like the +.htr bug. I actually had a nightmare about a similar hack last night. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Danger of the +.htr bug
Absolutely there is a danger. Just off the top of my head I can think of a few. These may not be best practice but: 1. If you put the username and password in a CFQUERY they can see that (and anything else). 2. If you just hard code a password or IP range to be blocked, or other information that should not be seen. 3. If you have a client you do work for THEY have copyright to the code. They paid for it, it is theirs. 4. Any CF comments become visible. You may be explaining a business process and it gets read by someone who does not need to know about it. Because you may have a bunch of people coding, you cannot anticipate what may or may not be put in the code. -Gary -Original Message- From: Eric Dawson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 19, 2000 10:15 AM To: CF-Talk Subject: Re: Danger of the +.htr bug Is there any danger to the +.htr beyond being able to view the source code of the site? ie if you want my source code ... 1.) Why? I don't want it, but am forced to code it, and 2.) It might be easier to ask me for it, cause I'll zip up all the files and email it to you. Eric From: "Jamie Keane" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: Re: Cool CF site - webos.org Date: Tue, 19 Dec 2000 08:57:29 -0500 The fact that they don't have the +.htr bug patched. Very interesting. Cheers, Jamie -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 5:41 PM Subject: Re: Cool CF site - webos.org Pardon, do you mean this web site or my message??? Regards - Original Message - From: "Jamie Keane" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 9:20 AM Subject: Re: Cool CF site - webos.org *ROFL* That's the funniest thing I've seen this month! -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 4:54 PM Subject: Re: Cool CF site - webos.org And what is cool on this site? I found only one thing - it is possible to get all source code from this URL. It is not cool. - Original Message - From: "Eric Fickes" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 8:00 AM Subject: Cool CF site - webos.org Hello all, I was wondering if any of you have seen/used www.webos.org yet? I noticed that it's using CF, so I was hoping that some of you may have an answer to my question. WebOs emulates a desktop, and pops up windows within one large parent window. I would love to do this on my inhouse site for navigation and was wondering if any of you knew how to do this. E ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Danger of the +.htr bug
While site security is an important issue with the +.htr bugs or anything that expose your source code I want to point out a few things. NEVER put the username and password in your templates! Always write your queries so that a new query cant be passed via a URL and do what they want, that should NOT be possible. A proper encryption scheme for credit cards will render encrypted CC data totally useless. Encrypt with your public key, key the private key is completely offline or at least internal network only. As many people have suggested to me, just plain dont store the CC, but if its a must it can be done with a good degree of security. In my mind as I have previously expressed the largest danger is the exposure of your intellectual property and everything that goes with that. Assuming you are properly coding your CF data modification via Raw queries should not be possible. If someone just happens to find one little omission and they wreak havoc on your DB and render your site useless, backups can cure that situation quite easily. What you cant fix is the fact that someone now has their own copies of your code. You cant just undo that from someones memory. All of these other issues are peripherial to good programming practice and good business practice. Jeremy Allen elliptIQ Inc. -Original Message- From: Gary McNeel, Jr. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 19, 2000 11:55 AM To: CF-Talk Subject: RE: Danger of the +.htr bug Absolutely there is a danger. Just off the top of my head I can think of a few. These may not be best practice but: 1. If you put the username and password in a CFQUERY they can see that (and anything else). 2. If you just hard code a password or IP range to be blocked, or other information that should not be seen. 3. If you have a client you do work for THEY have copyright to the code. They paid for it, it is theirs. 4. Any CF comments become visible. You may be explaining a business process and it gets read by someone who does not need to know about it. Because you may have a bunch of people coding, you cannot anticipate what may or may not be put in the code. -Gary -Original Message- From: Eric Dawson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 19, 2000 10:15 AM To: CF-Talk Subject: Re: Danger of the +.htr bug Is there any danger to the +.htr beyond being able to view the source code of the site? ie if you want my source code ... 1.) Why? I don't want it, but am forced to code it, and 2.) It might be easier to ask me for it, cause I'll zip up all the files and email it to you. Eric From: "Jamie Keane" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: Re: Cool CF site - webos.org Date: Tue, 19 Dec 2000 08:57:29 -0500 The fact that they don't have the +.htr bug patched. Very interesting. Cheers, Jamie -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 5:41 PM Subject: Re: Cool CF site - webos.org Pardon, do you mean this web site or my message??? Regards - Original Message - From: "Jamie Keane" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 9:20 AM Subject: Re: Cool CF site - webos.org *ROFL* That's the funniest thing I've seen this month! -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 4:54 PM Subject: Re: Cool CF site - webos.org And what is cool on this site? I found only one thing - it is possible to get all source code from this URL. It is not cool. - Original Message - From: "Eric Fickes" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 8:00 AM Subject: Cool CF site - webos.org Hello all, I was wondering if any of you have seen/used www.webos.org yet? I noticed that it's using CF, so I was hoping that some of you may have an answer to my question. WebOs emulates a desktop, and pops up windows within one large parent window. I would love to do this on my inhouse site for navigation and was wondering if any of you knew how to do this. E ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archiv
RE: Danger of the +.htr bug
I was unaware of this particular bug until today. How can one prevent this bug from being used on their own code? Thanks in Advance Larry Juncker Senior Cold Fusion Developer Heartland Communications Group, Inc. -Original Message- From: Gary McNeel, Jr. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 19, 2000 10:55 AM To: CF-Talk Subject: RE: Danger of the +.htr bug Absolutely there is a danger. Just off the top of my head I can think of a few. These may not be best practice but: 1. If you put the username and password in a CFQUERY they can see that (and anything else). 2. If you just hard code a password or IP range to be blocked, or other information that should not be seen. 3. If you have a client you do work for THEY have copyright to the code. They paid for it, it is theirs. 4. Any CF comments become visible. You may be explaining a business process and it gets read by someone who does not need to know about it. Because you may have a bunch of people coding, you cannot anticipate what may or may not be put in the code. -Gary -Original Message- From: Eric Dawson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 19, 2000 10:15 AM To: CF-Talk Subject: Re: Danger of the +.htr bug Is there any danger to the +.htr beyond being able to view the source code of the site? ie if you want my source code ... 1.) Why? I don't want it, but am forced to code it, and 2.) It might be easier to ask me for it, cause I'll zip up all the files and email it to you. Eric From: "Jamie Keane" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: Re: Cool CF site - webos.org Date: Tue, 19 Dec 2000 08:57:29 -0500 The fact that they don't have the +.htr bug patched. Very interesting. Cheers, Jamie -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 5:41 PM Subject: Re: Cool CF site - webos.org Pardon, do you mean this web site or my message??? Regards - Original Message - From: "Jamie Keane" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 9:20 AM Subject: Re: Cool CF site - webos.org *ROFL* That's the funniest thing I've seen this month! -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 4:54 PM Subject: Re: Cool CF site - webos.org And what is cool on this site? I found only one thing - it is possible to get all source code from this URL. It is not cool. - Original Message - From: "Eric Fickes" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 8:00 AM Subject: Cool CF site - webos.org Hello all, I was wondering if any of you have seen/used www.webos.org yet? I noticed that it's using CF, so I was hoping that some of you may have an answer to my question. WebOs emulates a desktop, and pops up windows within one large parent window. I would love to do this on my inhouse site for navigation and was wondering if any of you knew how to do this. E ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Danger of the +.htr bug
Larry, Here's the URL for the patch: http://www.microsoft.com/technet/Security/Bulletin/ms00-044.asp However M$ does say the following about this patch: The patch should only be installed by customers who have a business-critical need for the .HTR functionality. Microsoft recommends that all other customers disable the .HTR functionality altogether, as discussed in the FAQ. hth, larry -- Larry C. Lyons ColdFusion/Web Developer EBStor.com 8870 Rixlew Lane, Suite 201 Manassas, Virginia 20109-3795 tel: (703) 393-7930 x253 fax: (703) 393-2659 http://www.ebstor.com http://www.pacel.com email: [EMAIL PROTECTED] Chaos, panic, and disorder - my work here is done. -- Larry Juncker wrote: I was unaware of this particular bug until today. How can one prevent this bug from being used on their own code? Thanks in Advance Larry Juncker Senior Cold Fusion Developer Heartland Communications Group, Inc. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Danger of the +.htr bug
At 12:04 PM 12/19/00 -0600, you wrote: I was unaware of this particular bug until today. How can one prevent this bug from being used on their own code? This is an IIS bug, if I remember correctly. The bug is in the server, not your code. Check to see if your servers have the bug and if they do, get on the network administrator's case about it. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Danger of the +.htr bug
I was poking fun at myself. I develop 100% open source, but my code isn't worth much heh heh. As an aside I realized that I do do some things good. ie most of my programming is not accessible under the web root. ie I make a cfmodule call to a place somewhere not accessible by a browser. half by design, half by accident. sitedir\www\ sitedir\_applications (fuseobjects) sitedir\_content (static include files) Please don't crash my site. Eric From: "Jeremy Allen" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: RE: Danger of the +.htr bug Date: Tue, 19 Dec 2000 11:28:27 -0500 That is a pretty narrow point of view :) Think of it this way. You are a company which has invested great amounts of time to create a really awesome site that generates millions of dollars every month. The code is the companies intellectual property and its kind of suicidal for a business to just hand out their intellectual property and say "here you go why dont you set up a competative site using our code!!" The code can represent a culmination of hundreds if not thousands of man hours which can just be taken by appending +.htr to a URL. Not Cool. Jeremy Allen elliptIQ Inc. -Original Message- From: Eric Dawson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 19, 2000 11:15 AM To: CF-Talk Subject: Re: Danger of the +.htr bug Is there any danger to the +.htr beyond being able to view the source code of the site? ie if you want my source code ... 1.) Why? I don't want it, but am forced to code it, and 2.) It might be easier to ask me for it, cause I'll zip up all the files and email it to you. Eric From: "Jamie Keane" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: Re: Cool CF site - webos.org Date: Tue, 19 Dec 2000 08:57:29 -0500 The fact that they don't have the +.htr bug patched. Very interesting. Cheers, Jamie -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 5:41 PM Subject: Re: Cool CF site - webos.org Pardon, do you mean this web site or my message??? Regards - Original Message - From: "Jamie Keane" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 9:20 AM Subject: Re: Cool CF site - webos.org *ROFL* That's the funniest thing I've seen this month! -- Jamie Keane Programmer SolutionMasters, Inc. 9111 Monroe Rd., Suite 100 Charlotte, NC 28270 www.solutionmasters.com 704.563.5559 x 228 Voice 704.849.9291 Fax -Original Message- From: Gena [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Date: Monday, December 18, 2000 4:54 PM Subject: Re: Cool CF site - webos.org And what is cool on this site? I found only one thing - it is possible to get all source code from this URL. It is not cool. - Original Message - From: "Eric Fickes" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 8:00 AM Subject: Cool CF site - webos.org Hello all, I was wondering if any of you have seen/used www.webos.org yet? I noticed that it's using CF, so I was hoping that some of you may have an answer to my question. WebOs emulates a desktop, and pops up windows within one large parent window. I would love to do this on my inhouse site for navigation and was wondering if any of you knew how to do this. E ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists