If you're on a shared server, unless you have sandboxes in place, anyone can get to any file on the server if all the tags are enabled. So they could use CFFILE and CFDIRECTORY to get a list of all your files, and copy them to their own site and view the source (or just delete the files), or CFFTP them to another location. They can then not only view your code, but could also see your database name, username, password if you have this in your code, and access your database whenever they like.

I have a fair bit of info about security and sandboxes on my blog. http://russ.michaels.me.uk
-- Snake

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 07 November 2006 18:04
To: CF-Talk
Subject: CFC security

All,

I'm looking for some insight on cfc security. For example, if someone knew the webroot_path/folder/ where cfcs were located, would it be easy for someone to point to a cfc as a Web service and retrieve, delete or insert data?

If yes to the above question, what are some good approaches to securing cfcs?

Thanks.
D

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:259460

