> J2EE server. It also is probably possible to
> request .CFM files that are protected against
> access with code in Application.cfm, since I
> don't think Application.cfm runs on a .forward().
> This is a VERY common means of security in Fusebox
> applications, particularly FB3.
I am pretty sure this is a troll, but just in case it's not...
This is actually very common security model for ALL CF apps, not just FB.
Also, FB3 actually uses it *less* frequently than most because the code
usually placed in Application.cfm is typically put into fbx_settings.cfm
instead.
I'd say that at any rate, the core problem here is application design and
the trustworthyness of developers (as has been stated in other messages),
NOT any particular design pattern or application framework.
-Cameron
-----------------
Cameron Childress
Sumo Consulting Inc
---
land: 858.509.3098
cell: 678.637.5072
aim: cameroncf
email: [EMAIL PROTECTED]
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
