It's not exactly true that "all sorts of code other than CF" have these sorts of problems in shared hosting environments. ASP.NET, for example, isolates every application from all the others just to avoid these problems. If you're running BlueDragon.NET, then your CFML inherits this application isolation so that multiple users can use the same CFAPPLICATION name without conflict. Also, with BlueDragon.NET, you don't have to turn off CFOBJECT to avoid security issues; again, this is because the underlying ASP.NET runtime ensures that all applications are isolated from each other.

It just so happens that I'm working on my CFUNITED presentation on exactly this topic right now:

http://www.cfunited.com/topics.cfm#168

Vince Bonfanti
http://blog.newatlanta.com

New Atlanta Communications, LLC
http://www.newatlanta.com

> -----Original Message-----
> From: Dave Watts [mailto:[EMAIL PROTECTED]
> Sent: Saturday, April 23, 2005 2:12 PM
> To: CF-Talk
> Subject: RE: CrystalTech Users Beware
>
> > > Hashing your app name isn't going to protect you from others on a
> > > shared server from looking in on you:
> > >
> > > <!--- application tracker object --->
> > > <cfset appObj =
> > > createObject("java","coldfusion.runtime.ApplicationScopeTracker")>
> >
> > But sandbox security can turn that off...
>
> Well, yes, assuming that CFML code is your only route of
> attack. However, don't most shared hosting providers
> typically let you run all sorts of code other than CF? I
> think your best advice was what you said later in the thread
> - don't expect too much security on a shared server unless
> you're using server virtualization.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
>
> Fig Leaf Software provides the highest caliber
> vendor-authorized instruction at our training centers in
> Washington DC, Atlanta, Chicago, Baltimore, Northern
> Virginia, or on-site at your location.
> Visit http://training.figleaf.com/ for more information!