> Okay, so if I put the redirect in a session variable, now
> does it seem reasonably safe to use?

Yes, it does seem that way to me.

> And, if I'm entirely honest, I think the server admins
> are worried that developers will unwittingly open up
> security holes, so instead of helping to educate the
> developers as to what is safe and not safe, prefer to
> take the "safest" route by just disallowing Java
> altogether.

You might point out that you can easily, unwittingly create security holes
with just CF! For example, if you use unfiltered data from a form or a URL
within a CFQUERY tag, that data could contain code which your database
server will execute.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
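
Added example, not part of the message above: the CFQUERY problem the reply describes, shown as an unfiltered form value beside the same query with the value validated and bound through CFQUERYPARAM. The datasource `appDSN`, the `users` table and the form field names are assumptions made for illustration.

```cfml
<!--- Added example; datasource "appDSN", table "users" and the form
      fields userId and email are assumed names. --->

<!--- Before: the form value is spliced into the SQL text, so the database
      parses whatever the client sent as part of the statement. --->
<cfquery name="qUserUnsafe" datasource="appDSN">
    SELECT id, email
    FROM users
    WHERE id = #form.userId#
</cfquery>

<!--- After, step 1: reject a missing or non-integer value before any query runs.
      cfparam throws when the field is absent or fails the type check. --->
<cftry>
    <cfparam name="form.userId" type="integer">
    <cfcatch type="any">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>

<!--- After, step 2: bind the value so it travels to the database as a typed
      parameter and is never parsed as SQL. --->
<cfquery name="qUserSafe" datasource="appDSN">
    SELECT id, email
    FROM users
    WHERE id = <cfqueryparam value="#form.userId#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String input gets the same treatment: bind it and cap its length. --->
<cfquery name="qByEmail" datasource="appDSN">
    SELECT id, email
    FROM users
    WHERE email = <cfqueryparam value="#form.email#" cfsqltype="cf_sql_varchar" maxlength="254">
</cfquery>
```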