Dick Applebaum wrote: > > I haven't seen it mentioned, but wouldn't another advantage be that > each context would be able to use "dangerous" CFMX features such as > cfobject, custom tags, etc., because the contexts are isolated.
Contexts are only of limited use here. They only serve to protect from eachother through the underlying Java code, but if you call a COM object that COM object is not protected. What is really needed to secure different applications from eachother is different instances running using different OS accounts. That way all the ACL's the OS usually enforces are still enforced. If you set the ACL's right, it is no problem giving users access to cfregistry, cfobject, cfexecute etc. because they can only change what the ACL's allow them to change. > If this is true, wouldn't you expect that shared-host providers would > use CFMXJ2ee instead of CFMX Standalone -- better performance, more > features, less security exposure? More $$$ because og per processor licenses. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
