Website Security Hole Found and Patched
Deerfield.com (current distributors of Website) has released a service pack for WebSite Pro that will address a possible source code disclosure from active documents, such as ASP or ColdFusion. This security problem is present in all current versions of the product as well as past versions.
Download WebSite 3.1.13.0 (which contains the service pack mentioned above): http://www.deerfield.com/download/website/
Release Notes: http://www.deerfield.com/support/website/releasenotes/
Bob Denny, author of Website, also mentioned this workaround to the problem: "Don't use any active documents with file extensions longer than 3 characters. Remove the mapping for .html-ssi or change it to .ssi and rename all your .html-ssi documents. Fix all the links to same. I know it's ugly, but upgrading would solve the problem."
Latest ColdFusion Talk (CF-Talk)
- How does Security affect search engine spiders?
- Creating a datasource against sql 2005 express on fly for coldfusion8
- adobe ftp site for cf8?
- How to handle quote symbols
- JRUN at 100% - solved thank to the archives!
- Won't evaluate?
- Draw line and box
- SOT: setting div visibility with javascript (fixed)
- CFDocument? No Soup for YOU!
- setting div visibility with javascript
Latest ColdFusion Jobs (CF-Jobs)
- Need experienced Flash web game developer
- CF8 Contract with short on-site portion and long, part-time, off-site portion
- Coldfusion develpment services from China
- MID LEVEL COLDFUSION DEVELOPERS NEEDED 60k to 75k(San Fernando Valley, Ca)
- MID LEVEL COLDFUSION DEVELOPERS NEEDED 60k to 75k
- Coldfusion Developer Opportunity in Knoxville, TN
- Experienced Ohio Developer looking for part time telecommute work
- ColdFusion Programmer opening @ GE in Schenectady, NY
- Coldfusion Developer needed in Suffolk County Long Island
- ColdFusion Developer Needed in North Suburbs of Chicago ASAP
