> > > If I am right, I should also be disabling createObject for .NET, COM, > CORBA and Java, but are there any other functions I should disable? > > That should do it if you are just after security.
If this is a CF8 Box, you can have createObject() for Java enabled, just remember to disable access to the ColdFusion components. This should mitigate access to things like the ServiceFactory, but still give your users access to the full functionality of Java. Not entirely sure createObject for .NET or COM would be a security issue? Mark -- E: [email protected] W: www.compoundtheory.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:320605 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
