>At this point in the discussion I'd like to invite anyone who knows of a >shared host WITH A CLUE to give us all their details...
Dave alerted me to this thread and the problem with CFMX + JSP just today, so I'm going to be investigating this as well on the HMS end. I can tell you that the initial reason why JSP can't be locked down is that a number of clients are using it for a legitimate purpose - we can't just shut it off and tell those clients that we suddenly became security-conscious and they have to deal and find a shoddy host that will let them run their app. On the other hand, I can't see us allowing this to continue either. Just because you're on a shared host it doesn't mean that you're on an insecure server. It will never be as tightly locked down as a dedicated server (or even a VPS, which is new at HostMySite) however that doesn't mean you're publishing your code for the world to see. IF that were the case we would change our name to HostMyBBS. :-) Seriously, I will be taking this up with the CEO and COO tomorrow, and we'll be looking into possible alternatives so everyone gets what they want. I suspect the solution will be a little different for Windows as opposed to the Linux-based sites, however I'm not fluent in CFMX/JSP so I can't say for certain. If any of you have any suggestions that would accomplish both the functionality and the security, I'd be more than happy to entertain them and bring them before the CEO. I can assure you that your suggestions will not be brushed aside lightly for ANY reason. Along a similar vein, locking down datasources via sandbox security was at one time considered, however it was discarded I believe because clients can attain the same level of security by simply adding a user/pass to their code via the Application.cfm and referencing the datasource that way. We will add the user/pass to the DSN upon request, however we ALWAYS tell clients before doing so that they are basically inviting other users on the server to read/write to their database. If you have any questions and the CF mods have no problems with my being here, please feel free to post them and I'll either answer them to the best of my ability or find another rep from HostMySite.com who can. Jamie Price Email Administrator, Sr. Tech Support Rep HostMySite.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207112 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
