At the moment, if you use GetPageContext().include() on a JSP on my SmarterLinux server you get a null pointer exception.
Regardless, 2 is the case and the code will run in the CF security context of the calling page. The CF sandboxing takes over in this case. Anyone can verify this on their own dev server (as I have just done). Since the server is sandboxed this is perfectly acceptable. -----Original Message----- From: Jamie Price [mailto:[EMAIL PROTECTED] Sent: Saturday, 4 June 2005 3:11 To: CF-Talk Subject: RE: Shared CF Host security >> "We actually run two J2EE environments - JRun and Resin. >> While JRun does handle the Java processing for ColdFusion, Resin >> handles the requests for JSP pages and servlets. > >What happens if you use getPageContext.include() from within a CFML >page to invoke a JSP page directly? > Good question....There's two possibilities: 1) CF makes the request for the page via Apache (as I think it *should*, to preserve the users' preferences about type handling, rewrites and other such web server configurations). In this case, the JSP is still handled through Resin, same situation applies. 2) Cf is hijacks it straight to JRun (which I think is more likely, since the user has put JSP code into a ColdFusion page, supposing that CF will happily run JSP code from a .cfm page. Not sure if that's correct behavior or not.). In this case, they have avoided the security we have implemented. Anyone care to test this? Dave your account is on the only server running this config on our network right now - can you test what he's talking about? Also, we'll have the other Linux CF servers done over the weekend, I believe. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208586 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
