> As I keep saying and apparently no one is listening... I > expect the same BASIC security on a shared host. With no > sandboxing of memory, that is the same as NO security. Does > everyone hear me now?? I don't expect the same level. I do > expect more than just sandboxing of disk space. More than I > have repeated this same statement. > > This thread is done, finished, over and out. I've made my > point. I am sick of the crap of price meaning you have to > put up with lousy service and features that should be there > in a basic plan. This is not a $1 per month plan. This is a > middle of the road plan that should be providing AT LEAST A > BASIC LEVEL OF SECURITY! Currently with the lack of J2EE > sessions, it does not. For this I have both CrystalTech and > Macromedia to blame.
I'm not sure what you mean by a basic level of security. I can tell you that configuring security such that one developer can't affect another on the same machine is a hard, non-trivial problem, requiring quite a bit of attention to detail and limiting what developers can do within their own space. It's as simple as that, and I wouldn't want to be the one to guarantee to someone else that their application and its data was secure within a shared environment. Sandbox security uses directories to figure out how to restrict things, while CF applications are not bound by the filesystem - I can have ten different directories, with separate virtual web servers pointing to each, and still use the same CFAPPLICATION name in all of them, and that's one application! Given that, how could sandboxes possibly affect application memory variables? I don't think this is anything new with CFMX, either. In any case, if you want to isolate your code from my code, they can't be run within the same service, because my code could potentially make that service do something that it shouldn't be able to do, so at that point you're talking about separate services running with separate credentials. Considering that each JRun server has a minimum memory footprint of about 40 MB, you can't run too many of them on the same machine. Resources cost money, so you should expect to pay more for that level of isolation. I'm not sure what the lack of J2EE sessions has to do with any of this, either. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:204383 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
