Is there any danger to the +.htr beyond being able to view the source code
of the site?
ie if you want my source code ... 1.) Why? I don't want it, but am forced to
code it, and 2.) It might be easier to ask me for it, cause I'll zip up all
the files and email it to you.
Eric
From: "Jamie
liptIQ Inc.
-Original Message-
From: Eric Dawson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 19, 2000 11:15 AM
To: CF-Talk
Subject: Re: Danger of the +.htr bug
Is there any danger to the +.htr beyond being able to view the source code
of the site?
ie if you want my source code ... 1.) Wh
of the +.htr bug
Is there any danger to the +.htr beyond being able to view the source code
of the site?
ie if you want my source code ... 1.) Why? I don't want it, but am forced to
code it, and 2.) It might be easier to ask me for it, cause I'll zip up all
the files and email it to you.
Eric
somehow .. just bad stuff in general .. Think about it.
Todd Ashworth
- Original Message -
From: "Eric Dawson" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Tuesday, December 19, 2000 11:14 AM
Subject: Re: Danger of the +.htr bug
| Is there any danger to th
Is there any danger to the +.htr beyond being able to view the
source code
of the site?
ie if you want my source code ... 1.) Why? I don't want it, but
am forced to
code it, and 2.) It might be easier to ask me for it, cause I'll
zip up all
the files and email it to you.
I guess it
At 10:14 AM 12/19/00 -0600, you wrote:
Is there any danger to the +.htr beyond being able to view the source code
of the site?
ie if you want my source code ... 1.) Why? I don't want it, but am forced to
code it, and 2.) It might be easier to ask me for it, cause I'll zip up all
the files and
of people coding, you cannot anticipate what
may or may not be put in the code.
-Gary
-Original Message-
From: Eric Dawson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 19, 2000 10:15 AM
To: CF-Talk
Subject: Re: Danger of the +.htr bug
Is there any danger to the +.htr beyond being
of these other issues
are peripherial to good programming practice and good business
practice.
Jeremy Allen
elliptIQ Inc.
-Original Message-
From: Gary McNeel, Jr. [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 19, 2000 11:55 AM
To: CF-Talk
Subject: RE: Danger of the +.htr bug
Absolutely
]]
Sent: Tuesday, December 19, 2000 10:55 AM
To: CF-Talk
Subject: RE: Danger of the +.htr bug
Absolutely there is a danger. Just off the top of my head I can think of a
few. These may not be best practice but:
1. If you put the username and password in a CFQUERY they can see that (and
anything else).
2
Larry,
Here's the URL for the patch:
http://www.microsoft.com/technet/Security/Bulletin/ms00-044.asp
However M$ does say the following about this patch:
The patch should only be installed by customers who have a
business-critical need for the .HTR functionality. Microsoft recommends
that all
At 12:04 PM 12/19/00 -0600, you wrote:
I was unaware of this particular bug until today. How can one prevent this
bug from being used on their own code?
This is an IIS bug, if I remember correctly. The bug is in the server, not
your code. Check to see if your servers have the bug and if they
by design, half by accident.
sitedir\www\
sitedir\_applications (fuseobjects)
sitedir\_content (static include files)
Please don't crash my site.
Eric
From: "Jeremy Allen" [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Subject: RE: Danger of the +.htr bug
12 matches
Mail list logo