Look... I hate to beat a dead horse... But anybody who hosts CFMX... How the
HELL are they securing factory services? Or are they just leaving registry
and security control with a known vulnerability wide enough to put a truck
through, and praying that nobody run's an unsecured file upload script to an
accessible directory (Say an Avatar function on a webboard... or a resume
submission... just as the most common two that spring to mind.)
<cfscript>
// setup class to cfmx internals
factory=createObject("java", "coldfusion.server.ServiceFactory");
</cfscript>
<cfdump var="#factory#" label="factory">
Take note of registry and security control fuctions that can't be locked
down without sandboxing off CFOBJECT and createobject()... IE half neutering
an application.
Honestly, I'm half way towards giving my teeth for a solution to lock this
down so that factory services are disabled, but the cfadministrator still
functions and object handling of stuff other then the local java objects is
still functional.
I've looked at solutions out the nose... but the most reasonable I've come
across so far is to map the factory service objects to cd and only put the
CD in the server when you want to access cfadministrator... but with remote
data centers (Ie Hongkong/Tokyo ... or just across town) thats a hell of a
pain in the arse. Especially if your trying to keep a scalable model.
----- Original Message -----
From: "Christian van der Plaat" <[EMAIL PROTECTED]>
To: "CFAussie Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, February 05, 2003 2:03 PM
Subject: [cfaussie] RE: Cheap hosting
> If your after good reliable (cheap) hosting look at www.it3host.com
>
> CF MX, CFFILE, heaps and heaps pf features for $25 per month, well 300 per
> year, but they have a special of $276 per year ($23 per month, payable
> yearly) , NT and UNIX hosting, plan details at www.it3host.com. Prices in
> $AUS. guaranteed uptimes and all that.
>
> Plan details and information: http://www.it3host.com/hosting.cfm
>
> Any how sorry for the sale pitch but I am just replying to the message
> below. (*evil grin) very reliable and good tech support.
>
> All the best, Chris
>
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Simon
> Handfield
> Sent: Wednesday, 5 February 2003 11:42 AM
> To: CFAussie Mailing List
> Subject: [cfaussie] RE: Cheap hosting
>
>
> Fasthit
>
> www.fasthit.net
>
> Aust dollar prices.
>
> static site hosting from $15/month
>
> CFMX & Access/mySQL from $30/month
>
> Have mail forwarding,etc.
>
> :)
> s
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Pete
> > Mawhinney
> > Sent: Wednesday, 5 February 2003 11:49
> > To: CFAussie Mailing List
> > Subject: [cfaussie] RE: Cheap hosting
> >
> >
> > Site general seems to do the trick for us but we only use them for
> > email.
> >
> > http://www.sitegeneral.com.au/
> >
> >
> > Pete Mawhinney
> >
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of
> Knott,
> > Brian
> > Sent: Wednesday, 5 February 2003 11:00 AM
> > To: CFAussie Mailing List
> > Subject: [cfaussie] Cheap hosting
> >
> > Anyone recommend a cheap hosting site. Does not have to have
> > CF or SQL,
> > just a static site with a domain name pointing to it, may be a few
> > mailboxes.
> >
> > Brian Knott
> >
> > ---
> > You are currently subscribed to cfaussie as:
> [EMAIL PROTECTED]
> > To unsubscribe send a blank email to
> > [EMAIL PROTECTED]
> >
> > MX Downunder AsiaPac DevCon - http://mxdu.com/
> >
> >
> >
> > ---
> > You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> > To unsubscribe send a blank email to
> > [EMAIL PROTECTED]
> >
> > MX Downunder AsiaPac DevCon - http://mxdu.com/
> >
> >
>
>
> ---
> You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to
[EMAIL PROTECTED]
>
> MX Downunder AsiaPac DevCon - http://mxdu.com/
>
>
>
> ---
> You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to
[EMAIL PROTECTED]
>
> MX Downunder AsiaPac DevCon - http://mxdu.com/
>
---
You are currently subscribed to cfaussie as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MX Downunder AsiaPac DevCon - http://mxdu.com/
