Jamie Price wrote:
> 
> "We actually run two J2EE environments - JRun and Resin.  While JRun does 
> handle the Java processing for ColdFusion, Resin handles the requests for JSP 
> pages and servlets.
> 
> Java implements a security policy system that can prevent access.  We have 
> implemented security management in the Resin server to prevent JSP pages from 
> being able to read arbitrary files on the server.  We have restricted code 
> from each customer's home directory to:
> 
> 1) a lengthy list of files and directories that Java and Resin require 
> internally
> 2) log files for the site and for Resin
> 3) that customer's home directory."

So you moved .jsp processing from JRun to Resin, and then secured 
Resin using Policy Files. Are you still using the Sandboxes 
functionality native to CF to secure CF or are you using Policy 
Files there too?


> So, security in a shared hosting environment isn't exactly a myth, it just 
> takes a little more work and flexibility.  If anyone needs a more technical 
> explanation of what we did, please let me know via email and/or a post here 
> and I'd be happy to assist.

I am very interested.

Jochem
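
An added illustration, not part of the original posts and not the host's actual configuration: the three categories listed in the quoted message, modelled as `java.io.FilePermission` grants for one customer's code and checked against sample paths. Every path and customer name below is hypothetical; the equivalent policy-file entries would sit in a `grant codeBase "file:/home/customer_a/-" { ... };` block.

```java
import java.io.FilePermission;
import java.security.Permissions;

public class CustomerPolicyCheck {

    // Builds the file permissions a per-customer policy grant would contain.
    // All directories are hypothetical placeholders.
    static Permissions grantFor(String customerHome) {
        Permissions granted = new Permissions();
        // 1) files and directories the JVM and the servlet container need (read-only)
        granted.add(new FilePermission("/opt/java/-", "read"));
        granted.add(new FilePermission("/opt/resin/lib/-", "read"));
        // 2) log files for the site and for the container
        granted.add(new FilePermission("/var/log/resin/-", "read,write"));
        // 3) the customer's own home directory, recursively ("/-")
        granted.add(new FilePermission(customerHome + "/-", "read,write,delete"));
        return granted;
    }

    // True when the granted set covers the requested access; this is the same
    // implies() test a security manager applies before a file is opened.
    static boolean allowed(Permissions granted, String path, String actions) {
        return granted.implies(new FilePermission(path, actions));
    }

    public static void main(String[] args) {
        Permissions customerA = grantFor("/home/customer_a");
        String[][] requests = {                        // constructed sample requests
            {"/home/customer_a/www/index.jsp", "read"},   // own site
            {"/home/customer_a/data/orders.xml", "write"},
            {"/var/log/resin/access.log", "read"},        // log file
            {"/opt/resin/lib/resin.jar", "write"},        // container files are read-only
            {"/home/customer_b/www/db.properties", "read"}, // another tenant
            {"/etc/passwd", "read"},                      // arbitrary server file
        };
        for (String[] r : requests) {
            System.out.printf("%-6s %-40s %s%n", r[1], r[0],
                    allowed(customerA, r[0], r[1]) ? "ALLOW" : "DENY");
        }
    }
}
```

Anything not matched by one of the three grant categories is denied by default, which is what stops a JSP page in one home directory from reading another customer's files.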
