The only way your going to secure them i guess is to disable createObject() and any other tags that you can use to create an object to connect to a java class
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Barry Beattie Sent: Tuesday, June 28, 2005 8:49 AM To: CFAussie Mailing List Subject: [cfaussie] RE: Factory Services in CFMX 7.0 > You don't need to use them in CF7 Sean, are you actually asking - not whether *you* can use them - but how to stop others using them? Isn't this where running multiple instances on Enterprise version comes in? We only run standard here so it's just a guess (feel free to chime in, PPL) I suspect that, one of these days, MACR will disable illigitimate access to coldfusion.server.ServiceFactory so all those people who use sessionTracker etc, will be bitten... cheers barry.b (PS: thanx for your post about the schedual task and bootstrapping - you may be right ...bugger...) > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Steve > Onnis > Sent: Tuesday, 28 June 2005 12:09 AM > To: CFAussie Mailing List > Subject: [cfaussie] RE: Factory Services in CFMX 7.0 > > > You don't need to use them in CF7 > > There is an admin API now in CF7 > > Steve > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Sean Bucklar > Sent: Monday, June 27, 2005 11:56 PM > To: CFAussie Mailing List > Subject: [cfaussie] Factory Services in CFMX 7.0 > > Random quick Q. > > I'm the office CF guy, but I've been off playing with other things for > the last year or so - and haven't touched CFMX 7.0 at all yet. Are > factory services in CFMX 7 securable - IE, in a shared hosting > environment - can we stop random users from running > > <CFSCRIPT> > factory=createObject("java", "coldfusion.server.ServiceFactory"); > sqlFactory=factory.DataSourceService; > </cfscript> > > <cfdump var=#sqlfactory.getdatasources()#> > > and grabbing a list of every stored DSN password on the server? Or is > it still a case of all dsn information stored in the administrator > should be considered public to anybody who can run code on the server, > regardless of sandboxing? > > Cheers > Sean Bucklar > [EMAIL PROTECTED] > > --- > You are currently subscribed to cfaussie as: [EMAIL PROTECTED] > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Aussie Macromedia Developers: http://lists.daemon.com.au/ > > > --- > You are currently subscribed to cfaussie as: [EMAIL PROTECTED] > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Aussie Macromedia Developers: http://lists.daemon.com.au/ > --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/ --- You are currently subscribed to cfaussie as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
