Both statements are correct. CF won't allow us to prevent people from setting arbitrary variables inside CFCs (using object.FOO), but that doesn't mean it's a security issue. As long as the CFC itself NEVER uses any variables in the 'this' scope, it's irrelevant. That's why it's very important to never use the 'this' scope for anything.
Cheers,
barneyb

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Andy Ousterhout
> Sent: Tuesday, March 16, 2004 10:57 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [CFCDev] Variable Naming, WAS: RFC, CFC Best Practices
>
> OK. (dim light bulb begins to blink on, then off)
>
> So... <cfset var foo="" /> sets for life of method,
> <cfset variables.foo=""/> sets for life of CFC instance.
>
> But isn't "this.foo" read/writable from outside of the instance --
> <cfset object.FOO = "just buy-passed all of your checks"> while
> variable.FOO is only read/writable to methods of the instance?
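
The distinction discussed in this thread, as an added example that is not part of the original messages: state kept in `this` can be overwritten by any caller, while state kept in `variables` can only change through the component's own methods. The file names, the component names `AccountThis` and `AccountVars`, and the `balance` field are hypothetical; the three files are shown in one block.

```cfml
<!--- AccountThis.cfc (hypothetical): state lives in the public 'this' scope --->
<cfcomponent output="false">
  <cfset this.balance = 0 />
  <cffunction name="deposit" access="public" returntype="void" output="false">
    <cfargument name="amount" type="numeric" required="true" />
    <!--- This check only protects callers that go through deposit() --->
    <cfif arguments.amount LTE 0>
      <cfthrow message="Deposit must be positive" />
    </cfif>
    <cfset this.balance = this.balance + arguments.amount />
  </cffunction>
  <cffunction name="getBalance" access="public" returntype="numeric" output="false">
    <cfreturn this.balance />
  </cffunction>
</cfcomponent>

<!--- AccountVars.cfc (hypothetical): same logic, state in the private 'variables' scope --->
<cfcomponent output="false">
  <cfset variables.balance = 0 />
  <cffunction name="deposit" access="public" returntype="void" output="false">
    <cfargument name="amount" type="numeric" required="true" />
    <cfif arguments.amount LTE 0>
      <cfthrow message="Deposit must be positive" />
    </cfif>
    <cfset variables.balance = variables.balance + arguments.amount />
  </cffunction>
  <cffunction name="getBalance" access="public" returntype="numeric" output="false">
    <cfreturn variables.balance />
  </cffunction>
</cfcomponent>

<!--- caller.cfm (hypothetical) --->
<cfset a = createObject("component", "AccountThis") />
<!--- Writes directly into this.balance; the check in deposit() never runs,
      and getBalance() now returns the caller-supplied value --->
<cfset a.balance = -500 />

<cfset b = createObject("component", "AccountVars") />
<!--- CF still accepts the assignment, but it only creates this.balance on the
      instance; the component never reads 'this', so getBalance() is unaffected --->
<cfset b.balance = -500 />
<cfoutput>#a.getBalance()# / #b.getBalance()#</cfoutput>
```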