I don't think they have gotten to all the servers yet, just mine :) ~Dave the disruptor~ This bottle of lemonaid says "contains no lemon juice" and the can of Pledge says "contains real lemon juice" figures @%*((&%
---------------------------------------- From: "James Holmes" <[EMAIL PROTECTED]> Sent: Thursday, June 02, 2005 11:01 PM To: CF-Talk <[email protected]> Subject: RE: Shared CF Host security Well, this isn't the case on my SmarterLinux server. I can still browse, download and view every file on the server using JSP. -----Original Message----- From: Jamie Price [mailto:[EMAIL PROTECTED] Sent: Friday, 3 June 2005 6:06 To: CF-Talk Subject: Re: Shared CF Host security Don't ever let it be said that we don't listen to the voices of our clients. :-) We've implemented a fix for this security issue that spans all of our Linux servers running ColdFusion. Here's a synopsis from one of the techs involved in implementing the change: "We actually run two J2EE environments - JRun and Resin. While JRun does handle the Java processing for ColdFusion, Resin handles the requests for JSP pages and servlets. Java implements a security policy system that can prevent access. We have implemented security managemetn in the Resin server to prevent JSP pages from being able to read arbitrary files on the server. We have restricted code from each customer's home directory to: 1) a lengthy list of files and directories that Java and Resin require internally 2) log files for the site and for Resin 3) that customer's home directory." So, security in a shared hosting environment isn't exactly a myth, it just takes a little more work and flexibility. If anyone needs a more technical explanation of what we did, please let me know via email and/or a post here and I'd be happy to assist. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208480 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
