--=@ greg @=-- ----- Original Message ----- From: "Won Lee" <LeeW@kpe.com> To: "CF-Talk" <cf-talk@houseoffusion.com> Sent: Thursday, January 11, 2001 3:14 PM Subject: RE: The +.htr bug strikes again

> How does one test to see if the problem has be fixed? > > Won > > -----Original Message----- > From: Zachary Bedell [mailto:Aramis@adirondack.net] > Sent: Thursday, December 21, 2000 10:47 PM > To: CF-Talk > Subject: RE: The +.htr bug strikes again > > > > Someone should probably make an official "checklist" > > to run through when you setup a CF server. > > How about these additions to said checklist: > > In addition to removing the .htr mapping, also remove the mappings for any > other extensions that you won't be using on that server. > > Like: > htw -- unless you're using the WebHits highligher > ida, idq, htr, idc -- unless you're using old-style Index Server access > asp, cer, cdx, asa -- unless you're also hosting ASP apps on that server > shtm, shtml, stm -- unless you're using Server Side Include files > printer -- WTF is this and why did IIS install it for Win2k? > > You could probably also yank the dbm extension unless you have REALLY old CF > code lying around. > > Basically your goal is to DISABLE any functionality of your server that > you're not currently using. The less junk you have running on the server, > the less chance someone will find a bug in part of the server you didn't > even know was there. > > Granted, there's a fine and arcane art to disabling just the right things > without breaking any part of your server. You'd be best to play on a > production server that you can afford to trash & reinstall a few times if > need be. Certainly, though, deleting extensions for file types not used in > your sites (or your customer's sites for webhosts) is completely safe and a > good idea in general. > > Best regards, > Zac Bedell >