questions:
1) What are the security implications of the GetPageContext() function in a
shared environment since it's impossible to disable it via CFAdm? Can I
manipulate/see or change CFServer info using the function?
2) CF ServiceFactory and access to other CFMX sensitive info/data/config
can't really be disabled? I'll offer CF shared hosting for non-for-profit
organizations here in Brazil (thanks to MM philanthropy program!) and I
think is better to disable CFOBJECT and CreateObject(), even using sandboxes
in the servers. Yes, people are very nice, but I'm not sure about their
programmers... I know that server, application and other shared scopes are
open for everyone but the ServiceFactory represents a very easy way to
determine who is on the server, what applications it has and even sessions
are running!
Does MM provide a TechNote or even some info regarding it? I know they have
blocked the access to some objects (eg. SecurityService) but it's a
wierd-error blocking and non documented. I've googled a lot of things
related but nothing conclusive nor explicative, specially focused on shared
hosting. Jochen has some nice info on his site but I'm looking for a way to
avoid the use of ServiceFactory instead of using it.
PS: multiple instances is not an option.
Many thanks!!
Alex
Alex Hübner - Tecnologia da Informação
Amigos da Terra - Amazônia Brasileira
http://www.amazonia.org.br
+5511 38879369 voz
+5511 38842795 fax
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
