> Hrm. I was referring more to the fact that a 'registry' was > used in Linux as well. And that there is a script floating > around that someone with shared access can upload, and then > run, and output the cfserver's admin password to the browser... > I didn't mean that cfregistry was bad, or that windows was > bad (tho I prob. thought that one <g>), but that since there > is no Adv. Sec. for CFLinux, to not allow this tag to be > available if you're gonna share CFLinux Hosting...
Well, I don't have a lot of experience with CF on Linux, but if it's like it is on Solaris, the "registry" is just a text file that CF uses to store its configuration info. This isn't used by anything other than CF. I agree with you that you might want to disable CFREGISTRY if you're setting up a shared host. Rather than relying on the CF Administrator password for security, you might be better off simply setting up the CF Administrator to run on a separate, protected virtual server using .htaccess and SSL to prevent unauthorized users getting into it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm ------------------------------------------------------------------------------ Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
