>On 3/28/2011 11:10 AM, Dave Burns wrote:
>> My code looks like this:
>>
>> configName = "dev";
>> if (CGI.SERVER_NAME contains "blah.com")
>>      configName = "production";
>
>Which means that I (or any joker poking at your site to see if they 
>can do something), by requesting your site by its IP address, could set 
>your production server into dev mode.
>
>CGI.SERVER_NAME is probably populated, but it is populated by what I put 
>into MY browser, just as long as that resulted in a request to YOUR server.

Well, since that code is in OnApplicationStart, only if you either a) knew the 
secret URL param and value to force a call to OnApplicationStart() or b) got 
lucky and were the very first page request to the app after a server restart. 
Both are possible but improbable.
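
The point debated above, as an added example that is not either poster's code: take the config name from a value set on the server and fall back to production, so the requested host name never decides it. The APP_ENV variable name, the application name and the host list other than blah.com are assumptions made for illustration.

```cfml
// Application.cfc -- added example, not the original poster's code.
// Assumptions: APP_ENV environment variable, app name, allowed host list.
component {
    this.name = "exampleApp";

    // Map a server-side label to a config name; unknown or missing
    // labels fall back to production rather than dev (fail closed).
    private string function resolveConfigName(required string envLabel) {
        var label = lCase(trim(arguments.envLabel));
        if (listFind("dev,staging,production", label)) {
            return label;
        }
        return "production";
    }

    public boolean function onApplicationStart() {
        // The process environment is set by the operator, not by the client.
        var envLabel = createObject("java", "java.lang.System").getenv("APP_ENV");
        application.configName = resolveConfigName(isNull(envLabel) ? "" : envLabel);
        // Constructed host list; only blah.com appears in the thread.
        application.allowedHosts = "blah.com,www.blah.com,dev.blah.com";
        return true;
    }

    public boolean function onRequestStart(required string targetPage) {
        // CGI.SERVER_NAME reflects the host the client asked for, so treat it
        // as input: refuse anything outside the allowlist (including raw IPs).
        if (!listFindNoCase(application.allowedHosts, CGI.SERVER_NAME)) {
            writeLog(text="Rejected Host: " & CGI.SERVER_NAME, type="warning", file="application");
            getPageContext().getResponse().setStatus(400);
            return false;
        }
        return true;
    }
}
```

With this layout the first request after a restart gets the same config whatever host name it carries, and a request by IP address is answered with a 400 instead of reaching the application.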


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343368