Yes you can, and we do, but some hosts don't, so I'm just giving a word of
warning to those on a shared host who do have CreateObject(java) enabled.

Also, you can still CFDUMP the application scope with no application name
and see all the application vars.

Russ

-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED] 
Sent: 04 December 2006 21:31
To: CF-Talk
Subject: RE: getSessionList.cfm UDF

> While this is great for debugging etc, do you realise the security 
> implications? All customers on a shared server can write code like 
> this to view everyone else's (including yours) session and application 
> variables as for all apps on the server, which will often contain 
> personal data, shopping cart details, login information, database 
> passwords etc.
> Another reason not to use shared hosting and another example of how 
> CFMX is just not suitable for shared hosting.

Shared hosting is a tiny slice of where CF applications live. In any case,
can't you disable CreateObject("java",...) with security sandboxes?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction
at our training centers in Washington DC, Atlanta, Chicago, Baltimore,
Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


