CFM <script> injection hack...

New Here,
Jul 01, 2009

Our servers have been hacked and we're having trouble finding the point of entry for the trojan.

What we're seeing is essentially every web file (.htm(l),.cfm,.php,.js, etc) being appended with a script code trying to load a swf from "chanm.3322.org/flash/".

We've cleaned it up once and then restarted the server and it got infected again.

Is this familiar to anybody else here yet?  Any tips on cleaning this up??

Ugh, headache!

Thanks

Paul

Advocate,
Jul 01, 2009

Hi,

Have you checked your server logs?

Enthusiast,
Jul 01, 2009

Please search the forums, this problem has been answered before (basically one of the computers with FTP access is infected with Gumblar or some other FTP-stealing trojan).

Mack

Contributor,
Jul 02, 2009

Looks like it may be an image upload form:

http://www.coldfusionjedi.com/index.cfm/2009/6/30/Are-you-aware-of-the-MIMEFile-Upload-Security-Issu...

http://badwarebusters.org/main/itemview/5298

http://www.cfexecute.com/post.cfm/spoofing-mime-types-with-coldfusion-and-cfhttp

This should tell you how to secure the form:

http://www.petefreitag.com/item/701.cfm

Ken Ford
Adobe Community Expert - Dreamweaver/ColdFusion
Adobe Certified Expert - Dreamweaver CS4
Adobe Certified Expert - ColdFusion 8
Fordwebs, LLC
http://www.fordwebs.com
http://www.cfnoob.com

Engaged,
Jul 02, 2009

If you are getting this kind of problem, then obviously your server-side security is insufficient:

  • If you are using a shared hosting service, then you are completely dependent upon the security (or lack thereof) that is maintained by the hosting service.  If your directories are not adequately protected, then some other person who has an account on the same box might be able to diddle with your files.

  • It isn't enough for you to simply FTP (or SFTP) your files up to the server, leaving their file-access permissions at a very convenient default value.  You need to know what user-ID your web server is logged on as (it might be "nobody" or it might be you!), and you need to protect all of the executable material, any images and reference-files and so on, so that they are read-only, or execute-only.  The ColdFusion application server needs to be able to access the scripts (that is to say, the auto-generated Java ...) but neither it nor the web-server should serve the files directly.  And neither of them should be able to modify or replace any of those files:  they should not have sufficient permissions to do so.

If an image-upload succeeded in making such a file replacement, then there are any number of points at which such an action should have been rendered impossible ... and so, if they succeeded, "shame on you."

  1. Navigation outside of the target space for storing images should have been impossible.
  2. Use of ".." and other things in URLs or file-locations should have been impossible.
  3. Only the intended destination for the images should have been writable, and symlinks should not have been honored.
  4. Modification (or disclosure) of the ColdFusion materials should have been impossible.

How do I say this delicately...  if this happened, then the person(s) responsible should be fighting to keep their jobs in the face of "gross negligence" and "dereliction of duty." 😕

They should, as my grandma would say, at least "have some 'splainin to do..."
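As an added example (not code from this thread, from ColdFusion, or from any poster), here is how the four conditions listed above can be enforced in an upload handler, written in Python with a constructed extension/magic-byte allow-list; `demo()` runs constructed uploads (a traversal attempt, a .cfm upload, a spoofed extension and a symlink planted in the upload directory) against a temporary directory and returns each outcome:

```python
import os
import re
import tempfile

# Constructed allow-list for an image upload form: extension -> accepted magic bytes (an assumption).
ALLOWED = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
           ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a")}
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")

class UploadRejected(ValueError):
    pass

def safe_upload_path(upload_root: str, client_filename: str, data: bytes) -> str:
    root = os.path.realpath(upload_root)
    # Points 1 and 2: no directory navigation at all, no "..", no dot-files.
    if "/" in client_filename or "\\" in client_filename or not NAME_RE.fullmatch(client_filename):
        raise UploadRejected("unacceptable file name")
    ext = os.path.splitext(client_filename)[1].lower()
    if ext not in ALLOWED:  # .cfm, .php, .html, .js etc. can never be written here
        raise UploadRejected("extension not allowed")
    # The client-supplied MIME type is spoofable; trust only the file's own magic bytes.
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    candidate = os.path.join(root, client_filename)
    # Point 3: the canonical path stays inside the upload root and is not a planted symlink.
    if os.path.commonpath([root, os.path.realpath(candidate)]) != root or os.path.islink(candidate):
        raise UploadRejected("path escapes upload directory")
    return candidate

def store_upload(upload_root: str, client_filename: str, data: bytes) -> str:
    path = safe_upload_path(upload_root, client_filename, data)
    # O_EXCL: never overwrite; O_NOFOLLOW: never follow a symlink raced in after the check.
    # Mode 0o644: the web server user can read the image but not execute or rewrite it.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(path, flags, 0o644), "wb") as f:
        f.write(data)
    return path

def demo() -> dict:
    root = tempfile.mkdtemp()  # constructed upload directory
    # Symlink planted inside the upload dir, pointing at a script outside it.
    os.symlink(os.path.join(os.path.dirname(root), "index.cfm"), os.path.join(root, "link.jpg"))
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed minimal JPEG header
    cases = {"photo.jpg": jpeg, "../index.cfm": jpeg, "shell.cfm": jpeg, "fake.png": jpeg, "link.jpg": jpeg}
    results = {}
    for name, data in cases.items():
        try:
            store_upload(root, name, data)
            results[name] = "stored"
        except UploadRejected as e:
            results[name] = "rejected: " + str(e)
    return results
```

Point 4 (the ColdFusion sources themselves) is not addressed by the handler; it is a matter of file ownership and permissions on the server, as the post above describes.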
