Matt Liotta wrote:
> I'm glad you're so happy with sandbox security. It still doesn't catch
> everything in a shared hosting environment. Want proof? Set me up with
> a normal account on your shared hosting server, sign a waiver allowing
> me to crack your machine, and wait. I'll send you every .cfm file on the
> server, every database instance's schema and data, and every account's
> username and password.

I will need:
- a copy of the waiver
- credentials/testimonials that you are "white hat"
- an assessment of the risk you disturb normal operation of the machine

If you get me those, I'll try to convince some people to do this.

> I can even have an FBI agent supervise me while I
> do it as they love free training.

Free training in hacking my server? Why would they want that? In a few months nobody will be using CF 4.5 anyway.

> Of course you're free to just keep thinking shared hosting is secure.

I know it is not. Just because none of the scenarios mentioned so far apply doesn't mean I can't think of others that will work. I am quite confident that our regular customers won't be able to take over the system, but because even Sandbox Security is partially security through obscurity I'm very interested in what an expert will do.

> I won't mind, security consulting after the crack pays me quite well.

Not in this case. If we consider the risk too high we will just send an email to our customers that we will stop hosting ColdFusion. ColdFusion hosting is not a service we want to provide at any cost (in fact, some people even consider the cost of CF MX too high already).

Jochem

