If no-one comes up with any existing resources I'd be happy to collect the info and blog it. I've been going on about shared host security for a while and many of the people on this list have had various experiences with shared hosting.
Some basic ideas that come to mind as being worth discussion (i.e. I'm not claiming they are cast in stone as best practices but they make sense to me) are:

- Shared CF should be done on CF Enterprise; security is near impossible on shared CF standard
- All accounts need to be sandboxed for file access
- For security, sandboxing should disable CFOBJECT/Createobject() (to prevent Java objects being instantiated)
- JSP should not be allowed to run on the CF server (for security reasons)
- Server accounts (FTP, SSH) need to be set up such that people can't read others' files via directory browsing
- Either datasource usernames and passwords should be in the code and not saved in the CF Admin or all datasources should be sandboxed
- Application scope data should contain no vital info as everyone on the server has access to your application scope if they can determine the application name (which should be hard to predict and unique server-wide)
- Tags and CFCs in custom tag paths and mappings should have a server-wide unique name and should have a unique directory name in the calling path in the case of CFCs

I demonstrated the results possible when some of the above are missing here:
http://www.robrohan.com/blog/index.cfm?mode=entry&entry=EDCB81D8-C8F0-B537-1824A53C962059D3

-----Original Message-----
From: Anthony Crawford [mailto:[EMAIL PROTECTED]
Sent: Sunday, 12 June 2005 10:39
To: CF-Talk
Subject: CF on shared hosting

Hi

I am wondering if there are any resources on the net that describe best practices or FAQs wrt building apps that are hosted on shared accounts.
thanks

