So ... a client wants to know just how risky it is to temporarily
allow java.security.AllPermission ?
It's clear it's not good, but how bad is it? What exactly could
someone do to a server that's behind firewalls and load balancers?
thanks,
Chris
Here's what they're asking about enabling:
\Jrun4\lib\jrun.policy
// to grant wide-open security access to all code, uncomment this line
// permission java.security.AllPermission;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352671
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
