• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Allaire ColdFusion CFCRYPT.EXE Vulnerability

Solution:
While SecurityFocus does not consider the following to be a sufficient solution, the Allaire Security Bulletin offers the following suggestion:
(Quoted verbatim from ASB99-08)
What Customers Should Do
In general, people using CFRYPT.EXE to hide source code should recognize that there is the possibility of pages being illegally decrypted. Customers who are creating commercial applications for redistribution or sale should include a license agreement that clearly states users are not authorized to decrypt encrypted pages. Organizations using CFCRYPT.EXE to protect code internally should recognize the risk that decoding may pose and adjust accordingly.