Quoting Oliver Cookson <[EMAIL PROTECTED]>:
> 
> Is it possible to use <CFOBJECT> securely on a shared host? (I.e. not being
> able to view the service factory)

Don't focus on the servicefactory. Not being able to access the servicefactory
does not mean it is secure. You could for instance use java.io.* to get
filesystem access and change the XML files from which CF reads startup settings.
All you need then is to force a server reload.
On the other hand, having access to the servicefactory is not completely
insecure either. In a properly set up sandbox you would still lack permissions
to write the XML files with the new settings to disk.


> Seems a shame that everyone on a shared host loses A LOT of functionality!

If the problem is that big you should either get a custom tag installed, move to
a dedicated server or find some host that runs different customers under
different instances (which will most likely not be a cheap account). Or rethink
why you need cfobject access.


> Do you think there are plans to make <CFOBJECT> more useable on shared hosts?

I don't see how it could be more useable without sacrificing security. The whole
point of cfobject is the ability to access arbitrary classes. You can't know
what arbitrary classes do nor whether they integrate into the CF MX security
framework. Even though they might be secure, you can't guarantee that.

Jochem

PS I hope to be wrong, I still haven't got my head around all the issues.