Well there u have the generic problem with JAVA and thus Coldfusion, it is just not intended for shared hosting. Too many holes. If you have CreateObject() enabled, you can also kiss your security goodbye, but you can't really get away with disabling ut as too many people need it.
Russ -----Original Message----- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: 11 January 2006 13:41 To: CF-Talk Subject: Re: Professional Opinions on HostMySite.com It was a problem on my old HMS server, which allowed JSP to be executed and didn't have any JSP security mechanism. I was able to read the source code of every site on the server and therefore get any DSN password that wasn't in the CF Admin. That's why I moved to a new server on which JSP is better managed (via Resin). On 1/11/06, Snake <[EMAIL PROTECTED]> wrote: > If you don't put your username/password into your DSN then it's not a > problem. > You should never ever do this on live server anyway. -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229150 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
