How about this issue. You lock down ColdFusion to the max and CFFile is completely disabled. The person who did the install now uploads a legacy site that uses a lot of cffile tags. Now you have a user who is complaining "Adobe broke my code".
We can't please everyone and I believe the standard pretty much everywhere is install open with lockdown options and give direction on how to secure it more. -----Original Message----- From: Andrew Scott [mailto:[email protected]] Sent: Wednesday, March 26, 2014 11:46 AM To: cf-talk Subject: Re: "The long tail of ColdFusion fail" I agree with Ben and Dave.... There was a point, where I was siding with Adam on this. But Ben you make a good point, which I think Dave was trying to get at. SysAdmins by default are the type that want to do everything, they need to know what it is they have control over. Therefore, if Adobe in this case locked it down, they would become too complacent with the product. But.... Where Adam is coming from, is that there are a lot more people out there developing and maintaining cheap VPS servers for clients, which has been a huge push by the Community to some degree when hosting ever pops up. You know I feel safer having someone who manages the SysAdmin side of it, than rely on my knowledge as a developer. The problem is the perception of the younger developers coming up, is just that, they expect things to be done for them, in cases like what Adam is describing is that it is locked down 100%. Which I think would force these younger, newer developers to ColdFusion, to then learn the security of ColdFusion if they are forced to begin unlocking what they need. Now the question is how would Adobe then begin to cater for both those worlds? Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358129 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
