| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|
| 29 | 30 | 1 | 2 | 3 | 4 | 5 |
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 | 1 | 2 |
Adobe fixes ColdFusion CFC remoting security bug
Submitted by Falken on Wed, 09/04/2008 - 09:41.
If you have ColdFusion 8, with CFCs exposed for remote access, with methods marked 'access="remote"' you probably did not know that this also meant any methods marked 'access="public"' could also be invoked remotely.
The obvious security problems now have a fix in the form of hot fix 71471 and it's associated KB article #40332.
You should apply this as soon as you can if your ColdFusion objects are being used by a Flex client, for instance.
Recent comments
1 week 5 days ago
1 week 6 days ago
3 weeks 5 days ago
3 weeks 5 days ago
9 weeks 5 days ago
10 weeks 1 day ago
11 weeks 6 days ago
11 weeks 6 days ago
11 weeks 6 days ago
12 weeks 2 days ago