Russ, thanks for the reply. Does proper sandboxing and cf9 alleviate the risks enough to be reasonably safe? If not, what are the risks?
On Mon, Aug 15, 2011 at 8:38 AM, Russ Michaels <[email protected]> wrote: > > Hi, > > we do not block cfobject, it is less of an issue in CF9 than previous > versions, it is CreateObject(java) that is more of an issue. > I'm afraid it is a toss up, you go with a host that disables all the > dangerous tags and work around it, safe in the knowledge that no-one else > on > the server can do anything dodgy either, or you go with a host that allows > dangerous tags and take the risk. > Any host should at least be using security sandboxes to lock down any takes > that allow I/O access, if they have just turned them on and have not sand > boxed, then they are extremely insecure and you should avoid them. > > > -- > > Russ Michaels > > www.cfmxhosting.co.uk : ColdFusion Hosting > www.cfmldeveloper.com : ColdFusion developer community + free > developer hosting > > www.michaels.me.uk : my blog > www.cfsearch.com : ColdFusion search engine > ** > *skype me* : russmichaels > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346756 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
