The issue is it keeps getting turned back on in the CFADMIN. I literally log
back in, and it's enabled (box checked)
I've also checked to make sure it's not just my browser re-selecting it too,
I've logged into the CFADMIN from multiple browsers on different
computers... It's weird.
I've
It would've been funny if someone else sent a message to CF-Talk titled
'Issues with Script Protect', saying It keeps turning itself off! :OD
Taking Dave's point a step futher, hunt down the config file that stores the
on/off switch and change it manually. Backup first etc. If it goes wrong, I
Hey All,
During the really bad XSS (Cross Site Scripting for the newbs) attack a few
months back we went into every box and made sure Global Script Protect was
enabled.
However... On some of my servers, mostly the ones that run our CMS systems,
I don't want it on. We do allow our users to upload
You can turn on scriptProtect at the Application level as well (both
in cfapplication and Application.cfc). Are you sure it isn't turned on
there?
On Thu, Oct 16, 2008 at 6:17 PM, Alan Rother [EMAIL PROTECTED] wrote:
Hey All,
During the really bad XSS (Cross Site Scripting for the newbs)
Yeah, it's disabled now in the App.cfc...
The issue is it keeps getting turned back on in the CFADMIN. I literally log
back in, and it's enabled (box checked)
I've also checked to make sure it's not just my browser re-selecting it too,
I've logged into the CFADMIN from multiple browsers on
Are you the only person with access to CF Admin? It could be that some
other server or security admin is wondering who keeps turning off that
option.
-Mike Chabot
On Thu, Oct 16, 2008 at 11:54 PM, Alan Rother [EMAIL PROTECTED] wrote:
Yeah, it's disabled now in the App.cfc...
The issue is it
6 matches
Mail list logo
