OK. So on CF5, what needs to be done to "properly secure a CF server" -
against the evils of CFFILE, or anything else?
best, paul
At 11:55 AM 1/30/03 -0500, you wrote:
> > Yes true, on properly configured CF server, which as
> > you know Dave, are not very common :-)
>
>Yes, which is why I fee
> But Dave if you tell everyone that, who will hire us? :-)
I'd be happy to do something else, actually, if everyone set up their
servers correctly.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~
But Dave if you tell everyone that, who will hire us? :-)
Dave said:
> > Yes true, on properly configured CF server, which as
> > you know Dave, are not very common :-)
>
> Yes, which is why I feel compelled to harp on it so much, I guess. This is
WG
~
> Yes true, on properly configured CF server, which as
> you know Dave, are not very common :-)
Yes, which is why I feel compelled to harp on it so much, I guess. This is
especially true with CFMX - it's a lot easier to secure on Windows than CF 5
was. You create a user, give the user the "log on
Yes true, on properly configured CF server, which as you know Dave, are not
very common :-)
WG
> > because you can do this
> >
> >
>
> While that's true, it's worth noting that on a properly configured CF
> server, the CF user account generally shouldn't have rights to read that
> file or other
webguy wrote:
| because you can do this
|
|
only when cold fusion is not running under a restricted user account
z
> because you can do this
>
>
While that's true, it's worth noting that on a properly configured CF
server, the CF user account generally shouldn't have rights to read that
file or other non-CF files.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 79
O! That's handy ;-)
At 03:35 PM 1/30/03 +, you wrote:
>because you can do this
>
>
>
>
>WG
>
> > -Original Message-
> > From: paul smith [mailto:[EMAIL PROTECTED]]
> > Sent: 30 January 2003 15:13
> > To: CF-Talk
> > Subj
because you can do this
WG
> -Original Message-
> From: paul smith [mailto:[EMAIL PROTECTED]]
> Sent: 30 January 2003 15:13
> To: CF-Talk
> Subject: RE: Screening files before CFFile upload: Follow-up
>
>
> Since file upload is part of the http protocol why is
Since file upload is part of the http protocol why is CFFILE considered
such a security risk?
best, paul
At 02:24 PM 1/30/03 +, you wrote:
>Hi,
>
> > Follow-up yesterday's thread of trying to screen files before
> > uploading with
> > cffile:
>
>I didn't comment on this thread yesterday..so.
Thanks for the extra insight. There is so much to know!
Keith
- Original Message -
From: "webguy" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 30, 2003 9:24 AM
Subject: RE: Screening files before CFFile upload: F
Hi,
> Follow-up yesterday's thread of trying to screen files before
> uploading with
> cffile:
I didn't comment on this thread yesterday..so...
> Just did some comparing of the MX behavior with CF5, to see if could glean
> any valuable info from initial form before uploading using cffile
> using
Follow-up yesterday's thread of trying to screen files before uploading with
cffile:
Just did some comparing of the MX behavior with CF5, to see if could glean
any valuable info from initial form before uploading using cffile using CF5:
If did a cfdump of the form (initial form with file to uploa