> Once when browsing the site of a certain utility company in my neck of > the woods I found they suffered from the .htr bug (several months after

You "found"?

Quick question, is it actually illegal to type +.htr onto the end of a URL? I know the fact that it's stupidly trivial doesn't make it ok. Or is the act of add +.htr to the URL with the *intention* of getting the source code illegal?

People have to put things like "Unauthorised access to this system in prohibited blah blah blah..." on telnet prompts, but I don't see any "It is illegal to attempt to read the source code for this page" disclaimers on any pages.

Finally, I'd be pretty upset if I'd taken time to write an Application for a company, only for them to stick it on a unpatched server, thus practically giving the code away. Does adding a clause in the contract to try and prevent stupidity seem like a reasonable thing to, and how would you go about that?

Cheers, Dan.

This message is intended only for the use of the person(s) ("the intended recipient(s)") to whom it is addressed.

It may contain information which is privileged and confidential within the meaning of the applicable law. If you are not the intended recipient, please contact the sender as soon as possible. The views expressed in this communication may not necessarily be the views held by Live Information Systems Limited.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm ------------------------------------------------------------------------------ To unsubscribe, send a message to cf-server-request@houseoffusion.com with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com