Hi Jochem, Yes, the CFEXECUTE was a bad example. Suppose instead you hosted all a University's various colleges' websites on one server. None of them had particularly good developers and instead of teaching them all SQL and relational database theory, you just gave them backend logins to a CMS which you then queried on the front end. You even packaged that query in a custom tag or component. It's all working so well that you now want to discourage new grad students from even trying their own sql queries in their code, but instead to tie only into your custom tag. (This may sound very controlling, but the fact is you have no time to play help desk to these kids, they come and go so frequently, why rebuild the wheel when they can reuse code, etc., etc... So you disable CFQUERY in their sandbox, but of course not in the sandbox containing the custom tags...
How do you keep the calling templates' sandbox restrictions from extending to their use of your custom tag? -Jason -----Original Message----- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Sunday, August 03, 2003 5:55 PM To: CF-Talk Subject: Re: An ISP's Dream: Extensions in one sandbox, client code in another Blum, Jason (SAA) wrote: > > From an ISP's perspective, would it not be a God-send to put all clients > in one big, heavily restricted sandbox (no datasources, etc.) and all > datasource-accessing CFC's and other extensions in another sandbox to > which only the ISP administrator has posting rights? Apart from the fact that it can't be done because of the Java security model, what does it give you that sandboxes don't give you now? > Or consider a simpler example: You don't want clients CFEXECUTING some > local executable. With a shared instance that is a very bad idea indeed. > But you do want to allow them to drop into their code > a custom tag that can execute that local executable because in that tag > you have some logic or something that lets you fix parameters or > something. I don't really see a reason why customers would want to run any executable at all. And if they want it really bad they can always get hosting running their own instance. Or go up and down the protocol stack. > Have I missed something fundamental or would this not be a boon to > ISP's?! I would not want to be hosted on a server where I can't write my own logic to access databases and/or the file system. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
