Educause Security Discussion mailing list archives
Re: ColdFusion Security Tool
From: Scott Norton <dsnorton () UW EDU>
Date: Fri, 31 Jan 2020 23:28:50 +0000
I strongly suspect that if their process and/or personality has led them to ColdFusion, it will be difficult to integrate high levels of practice and tooling. That might be a stereotype, but my personal feeling is that it is a philosophical alignment with those that select that product. Making sure they deploy on ColdFusion AWS is probably your leading strategy for potential damage containment.

Good luck

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Harry Hoffman
Sent: Friday, January 31, 2020 2:17 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] ColdFusion Security Tool

I don’t mean this in a cheeky way, but the only guidance around ColdFusion should be to find something different. There have been so many areas of compromise around ColdFusion that the risk/reward evaluation is almost always 100%/0%.

If they do decide to use it anyway make sure it’s on a stand-alone system that isn’t tied into something like AD or LDAP. And firewall it off from any systems that you deem valuable.

Cheers,
Harry

On Fri, Jan 31, 2020 at 4:14 PM Matt Hall <matthew.hall () chemeketa edu> wrote:

We are curious if anyone uses or has used Fixinator (or a similar product)? https://fixinator.app/

We are looking for a tool to help guide a group of employees that want to use ColdFusion.

Matthew Hall
Information Security Analyst
Chemeketa Community College
Phone: (503) 584-7586
Email: Matthew.Hall () chemeketa edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- ColdFusion Security Tool Matt Hall (Jan 31)
- Re: ColdFusion Security Tool Harry Hoffman (Jan 31)
- Re: ColdFusion Security Tool Scott Norton (Jan 31)
- Re: ColdFusion Security Tool Harry Hoffman (Jan 31)