Never assume your Web server is secure – chances are that it is not, despite your best intentions. Of all the machines on your network the Web server is the most visible, the one that most information is known about, and the one that most users access. Without much effort would-be hackers can find out what operating system you are running, as well as what Web server, and much more. And with so many published hacks out there, a Web server is effectively a welcome mat to your network. If this makes you somewhat paranoid, good. Don’t shut your Web server down, but do realize that you must pay attention to any and all security announcements and updates from any vendor who’s software is involved in your Web site (you can be sure the hackers are). And in addition, assume that whatever is on your Web site can and will be stolen – if you don’t want people getting it, it does not belong on the Web server machine or in any files (including CFM files) on that machine or on any machine that it has access to. (Applies to: ColdFusion All)

Leave a Reply