Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Andrew Scott
And how many people have we helped who have updated their CF 10 install, then start asking for help because their cgi scope is broken... Who have not read the message to update their connectors!! Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Andrew Scott
Don't get me started on the cheap clients, who want to have full control of the server, which means their own. But will not pay for anyone to manage it. Do you know how many jobs I have rejected like that :-) Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Wil Genovese
Only if it was flashing in huge red letters with the BLINK tag. Then again, some will still miss that. :) On Mar 27, 2014, at 10:16 PM, Raymond Camden wrote: > > I *do* think that at the end of the installation, linking to the lock down > guide would be useful. Wil Genovese Sr. Web Applic

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Raymond Camden
As has been explained *multiple* times, there is no one solution (in terms of settings) that will work for everyone. Therefore there must be some position made where the software says, I'll lock down A and B, but I don't think I can *always* lock C. I *do* think that at the end of the installatio

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Raymond Camden
On Thu, Mar 27, 2014 at 10:09 PM, Maureen wrote: > > Of course users should take responsibility. But corporations have a > responsibility to their users to inform them as well. We are all > aware that those managing servers SHOULD be knowledgeable and > competent, however in the real world,

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Maureen
Honestly, if you are selling a software product that requires additional lock down after installation, you might could get the attention of those hiding in their cubicle by putting a large notice of such at the beginning of the installation instructions. No one should have to find out about softw

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Maureen
Of course users should take responsibility. But corporations have a responsibility to their users to inform them as well. We are all aware that those managing servers SHOULD be knowledgeable and competent, however in the real world, that is not always the case and never will be. So dealing wi

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Andrew Scott
same... I have in my years been at job interviews with people who have programmed CF for as long as I have, but have never heard of them before the interview. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Fri, Mar 28, 20

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Andrew Scott
Yea well I agree Ray, but they are also the people getting cheap VPS's and not securing their servers too. What we can do, I am not sure there is any more than what is being done... Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Wil Genovese
Honestly if these people are living under their cubicle desk then I have no clue how to get their attention. It’s not as if no one is talking about ColdFusion security and certainly not as if the mainstream news media is reporting security breaches. If someone chooses to stay uninformed there

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Raymond Camden
If securing your server is considered extracurricular activity - ie stuff you would do at a user group - then your priorities are way out of whack. (I mean you in general, not you specifically Andrew. ;) On Thu, Mar 27, 2014 at 9:46 PM, Andrew Scott wrote: > > Ray, > > Probably not... Other pe

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Andrew Scott
Ray, Probably not... Other people should also remember that not everyone spends time online in groups, they are 9 to 5 developers who have a life. These are the people who set these things up, these are the people that aren't being reached. Can more be done, don't think so. Regards, Andrew Scott

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Raymond Camden
> > > Paying attention to the requirement to inform these people about the > need for extra lock down early in the process would be more effective > in solving the problem than Adobe employees and evangelists ignoring > the fact that these people exist and doing nothing more than yelling > Um...

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Wil Genovese
Ray, Yes that is pretty much the case. I spend a lot of my time cleaning up and securing servers that have been left unsecured. It happens all the time. I do more server work than code these days. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Maureen
Yes Raymond, in the world I live in where I often have to go in and clean up a mess made by inexperienced developers or the client's nerdy nephew, there are people who are unaware that extra server lock down would be necessary. There are also noobs who get hired at web hosting companies who don't

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Russ Michaels
Sadly quite common, sysadmins and hosting companies even do it. The reason is because they think it works in the same way as cgi scripts and is locked down by the same rules that php et al are, which is not the case because it runs as a service not a process Russ Michaels www.michaels.me.uk cfmld

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Raymond Camden
On Thu, Mar 27, 2014 at 8:12 PM, Maureen wrote: > > And that "direction on how to secure it more" exists where exactly? > Is it in the install instructions, or only in some obscure document > that a person unfamiliar with the need for security might not know > about? > > So to be clear - there a

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Maureen
And that "direction on how to secure it more" exists where exactly? Is it in the install instructions, or only in some obscure document that a person unfamiliar with the need for security might not know about? On Wed, Mar 26, 2014 at 9:16 AM, DURETTE, STEVEN J wrote: > > > We can't please everyo

RE: "The long tail of ColdFusion fail"

2014-03-27 Thread Jenny Gavin-Wear
Exactly. -Original Message- From: Adam Cameron [mailto:dacc...@gmail.com] Sent: 26 March 2014 14:27 To: cf-talk Subject: Re: "The long tail of ColdFusion fail" If it only works on localhost *by default*, then this mitigates most of the problem just like that. -- Adam On 26 March 201

Re: DevEdit

2014-03-27 Thread C. Hatton Humphrey
Sheesh, thanks! I spent more time than I care to admit prying in different ways... I even included archive.org but was using the devedit.com site. What's sad is that I'm specifically trying to break the rules; I need to add a meta refresh into a content block and this CMS was built with such obs

Re: DevEdit

2014-03-27 Thread John M Bliss
http://web.archive.org/web/20060112162442/http://www.interspire.com/devedit/documentation.php On Thu, Mar 27, 2014 at 10:12 AM, Jon Clausen wrote: > > http://hesab.net/book/asp.net/devedit_aspnet_demo/DevEditSetupGuideNET.pdf > > > On Mar 27, 2014, at 10:06 AM, C. Hatton Humphrey > wrote: > >

Re: DevEdit

2014-03-27 Thread Jon Clausen
http://hesab.net/book/asp.net/devedit_aspnet_demo/DevEditSetupGuideNET.pdf On Mar 27, 2014, at 10:06 AM, C. Hatton Humphrey wrote: > > I'm working on an old CMS and it's using DevEdit as its WYSIWYG. I need to > figure out a way to change the configuration but the site is dead, there's > no

DevEdit

2014-03-27 Thread C. Hatton Humphrey
I'm working on an old CMS and it's using DevEdit as its WYSIWYG. I need to figure out a way to change the configuration but the site is dead, there's no reference of it on the main company's website and Google is being particularly un-helpful. Does anyone have a copy of the DevEdit Setup guide f

Re: "The long tail of ColdFusion fail"

2014-03-27 Thread Claude Schnéegans
>>Development servers don't need a secure setup if they're not exposed to untrusted networks. Obviously we were not talking about development servers in this thread ;-)