[11202] in bugtraq


Re: New Allaire Security Zone Bulletins and KB Article

daemon@ATHENA.MIT.EDU (x-empt [ lvhc / lou ])
Fri Jul 30 22:23:36 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <37A14524.66D4EAD@urban-a.net>
Date:         Thu, 29 Jul 1999 23:24:36 -0700
Reply-To: "x-empt [ lvhc / lou ]" <lvhc@URBAN-A.NET>
From: "x-empt [ lvhc / lou ]" <lvhc@URBAN-A.NET>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Read on...

> ASB99-10: Addressing Potential Security Issues with Undocumented CFML Tags and
> Functions Used in the ColdFusion Administrator

By not documenting tags (and the weak encryption scheme of CFML), Allaire is starting to
become like Microsoft, believing in security through obscurity.

One has to question security through obscurity once again.  This is the SECOND major
problem from Allaire in recent months that is partially attributed to security through
obscurity. (The first being the "encryption" of CFML pages).

x-empt
