One thought

  1. I have a question and maybe someone here can answer it.
    I read the security bullentin and I have seen this happen with the websites that I have. I have noticed though that if you go into the CF Administrator and tell it not to save the class files, that the directory /WEB-INF/cfclasses is still created, but it doesn’t have anything in it.
    Now my qyestion is, how exactly would someone be able to download the .class file? Don’t you have to know the exact name of a file in order to bring it up in a webbrowser or am I missing something here?

Leave a Reply