[LINK] The ACS, TIPI and ICT in Australia
Rick Welykochy
pirkeepie at yahoo.com.au
Sun Aug 20 02:53:30 AEST 2006
--- "Darryl (Dassa) Lynch" <dassa at dhs.org> wrote:
> Also highlights the fact those who should know better compromise security at
> levels far above the user level. Generating error dumps is one of the classic
> hacker information gathering exercises.
Although I eschew Cold Fusion meself, it only took me 10 seconds to find
the following link: http://mysecretbase.com/Building_A_ColdFusion_Error_Handler.cfm
which clearly outlines how to correctly handle errors with CF in a secure way.
Is it really that hard to get this stuff right? I don't think so. It is
more a matter of awareness, training and proper specification, i.e. "No
error dumps be displayed to the user".
cheers
rickw
____________________________________________________
On Yahoo!7
Answers: Real people ask and answer questions on any topic.
http://www.yahoo7.com.au/answers
More information about the Link
mailing list