> While this is great for debugging etc, do you realise the
> security implications. All customers on a shared server can
> write code like this to view everyone elses (including yours)
> session and application variables as for all apps on the
> server, which will often contain personal data, shopping cart
> details, login information, database passwords etc.
> Another reason not to use shared hosting and another example
> of how CFMX is just not suitable for shared hosting.
Shared hosting is a tiny slice of where CF applications live. In any case,
can't you disable CreateObject("java",...) with security sandboxes?
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Create robust enterprise, web RIAs.
Upgrade & integrate Adobe Coldfusion MX7 with Flex 2
http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:262804
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
