Hello, Some days ago I posted the following concern about ColdFusions Application.cfm: "If you make a http-request to an (existing) application.cfm of onrequestend.cfm page, ColdFusion generates an errormessage that reveals the real path to that page on the server." I received a lot of response on this bug and amongst them I received the following solutions for this bug: ----------------------- 1. You can disable the ability to request application.cfm. This can be done in the IIS MMC. The easiest way to do this is to force a redirection to an index file. Right-click on application.cfm in the MMC, and set up redirection. 2. You can use the site-wide missing file handler in CF 4.5. This will send a custom error page which needn't say anything important at all. This is set in the CF Administrator. These solutions were provided to me by Dave Watts, CTO, Fig Leaf Software. -------------------------- Damon Cooper from Allaire wrote the following: "Allaire is aware of the issue and it is fixed as of the 4.5.1 release." .... "I believe registered users of 4.x will be able to download the update when it's made available. I believe we're targeting a late March/early April release." -------------------------- Amy Wong from Allaire wrote: "This has been reported as bug 14982. It was reported on February 4th, and today, March 1st, 2000, it is reported as fixed. This means it will probably be rolled int 4.5.1 RC2." Amy Amy Wong, Electronic Technical Support Allaire Corporation ----------------------------------- This bug is also archived by security focus at http://www.securityfocus.com/bid/1021 Kind regards, Marcel van Waaijen.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:56 PDT