RE: [ACFUG Discuss] cfexecute, shared hosting, and security

2009-07-10 Thread Charlie Arehart
Clarke, in addition to the good stuff Shawn shared [and btw, Shawn, I'd enjoy seeing that code :-)], I'll note that at least as far as the point he made:
> So the hoster is left with a hard choice: disable CFEXECUTE, CFOBJECT, CreateObject(.NET), CreateObject(COM) and CreateObject(JAVA) or accep

Re: [ACFUG Discuss] cfexecute, shared hosting, and security

2009-07-10 Thread Derrick Peavy
S, I'd like to find out how insecure. Can you forward the code? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 _ On Jul 10, 2009, at 1:43 PM, shawn gorrell wrote: Clarke, Welcome to the big leagues. I know that you might want to stay away fro

Re: [ACFUG Discuss] ColdFusion and MySQL

2009-07-10 Thread Dean H. Saxe
There are many suites you can use (Foundstone Enterprise, Nessus, etc.) and manual methods too. But unless your host agrees to it and you want to pay for it, you're left with whatever info they can give you about penetration testing they have had done in the past. -dhs -- Dean H. Saxe d..

RE: [ACFUG Discuss] ColdFusion and MySQL

2009-07-10 Thread Clarke Bishop
Sorry to ask a dumb question, but how, exactly, would you "Test the system"? Do you mean use some set of methods to try and break in, or is there some sort of standard test suite? Clarke -Original Message- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe Sent: Fr

Re: [ACFUG Discuss] ColdFusion and MySQL

2009-07-10 Thread Dean H. Saxe
If you have security concerns, there is only one way to figure out if they are valid. Test the system. With permission, of course. Dean H. Saxe d...@fullfrontalnerdity.com "A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his childr

RE: [ACFUG Discuss] ColdFusion and MySQL

2009-07-10 Thread Clarke Bishop
I looked, but couldn't find the message you mentioned. Please resend it. I'm about to conclude that I just need to switch hosts due to security concerns, so that may fix the problem, too. Clarke -Original Message- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Cameron Chi

Re: [ACFUG Discuss] ColdFusion and MySQL

2009-07-10 Thread Cameron Childress
Clarke- Did you see the message I forwarded to the list a few days ago regarding compression in the driver? Also - I'm not sure what the load profile of this website is, but the "performance hit" from turning maintain connections off is not usually visible till you are under relatively high load.

RE: [ACFUG Discuss] ColdFusion and MySQL

2009-07-10 Thread Clarke Bishop
Sorry if I wasn't clear about something. As you said, "Maintain connections across client requests" is the default. It's when you turn it off that the MySQL problem goes away with some server/driver configurations. If maintain connections is off, then CF has to recreate the connection for each quer

Re: [ACFUG Discuss] cfexecute, shared hosting, and security

2009-07-10 Thread shawn gorrell
Clarke, Welcome to the big leagues. I know that you might want to stay away from that stuff, but if you want to be an uber-developer, you really need to know that stuff inside and out. Network and server administrators are unlikely to learn CF config at any level of depth, so you need to be the

RE: [ACFUG Discuss] ColdFusion and MySQL

2009-07-10 Thread Wes Byrd
That's very odd considering I have several Windows 2003 servers all running CF8. These servers host about 200 different websites using CF8 that ALL connect to a separate dedicated MySQL server. Some of the sites connect to a MySQL 4.x service and others MySQL 5.x. All of these sites connect via

RE: [ACFUG Discuss] ColdFusion and MySQL

2009-07-10 Thread Clarke Bishop
I still haven't been able to get the host to resolve this problem, and I've decided to just abandon MySQL for SQL Server. The database is simple and I can make the change quickly. To wrap this up, based on what I've learned and what my web research shows: . The problem exists only f

[ACFUG Discuss] cfexecute, shared hosting, and security

2009-07-10 Thread Clarke Bishop
I realize that all developers have a role in application security (cfqueryparam, etc.). So, there definitely are things I have to pay attention to in building an application. But for server-level administration and security issues, I would personally like to stay away as much as I can! While debu