On 3/6/07, Dave Watts <[EMAIL PROTECTED]> wrote:
> That is part of your job as a developer,

It is my job to make them aware of the risks. Not to tell them what their job should and should not be. In this case the job was to input javascript into a web page that was a part of their existing CMS. The only way to get that job done was to shut off CF's scriptProtect.

Sure. Inputting js into a web page is inherently dangerous. So is driving an automobile. That doesn't mean you can't go out for a drive. Nor does it mean you should try to convince others that they should not drive. It does of course mean the driver should be trained, the automobile in good working order and the act of driving be undertaken safely. By following sensible rules an inherently dangerous and potentially deadly act can become an integral part of everyday life with an acceptable level of safety and comfort.

The same goes for inputting js into a web page. Don't let just anybody do it. Don't auth people to do it without proper training and comfort level with the individual. Put safeguards in place for recovery. Control everything that isn't opened up for this input. Put in audit controls and so on and so on.

--
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271796

