Re: New Allaire Security Zone Bulletins and KB Article

From: x-empt [ lvhc / lou ] (lvhc@URBAN-A.NET)
Date: Thu Jul 29 1999 - 23:24:36 PDT

Next message: Theodor Milkov: "Linux masquerading + traffic shaper"

Previous message: Miguel de Icaza: "Re: [linux-security] [RHSA-1999:023-01] Potential security"
Maybe in reply to: aleph1at_private: "New Allaire Security Zone Bulletins and KB Article"
Next in thread: Matt Chapman: "Re: New Allaire Security Zone Bulletins and KB Article"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Read on...

> ASB99-10: Addressing Potential Security Issues with Undocumented CFML Tags and
> Functions Used in the ColdFusion Administrator

By not documenting tags (and the weak encryption scheme of CFML), Allaire is starting to
become like Microsoft, believing in security through obscurity.

One has to question security through obscurity once again.  This is the SECOND major
problem from Allaire in recent months that is partially attributed to security through
obscurity. (The first being the "encryption" of CFML pages).

x-empt

Next message: Theodor Milkov: "Linux masquerading + traffic shaper"
Previous message: Miguel de Icaza: "Re: [linux-security] [RHSA-1999:023-01] Potential security"
Maybe in reply to: aleph1at_private: "New Allaire Security Zone Bulletins and KB Article"
Next in thread: Matt Chapman: "Re: New Allaire Security Zone Bulletins and KB Article"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:23 PDT