I don't see this being any more of a security risk than CFFILE and CFDIRECTORY, et al.
Or, "guessing" another CFAPPLICATION's name and hijacking the sessions.

M!ke

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris
Sent: Sunday, October 02, 2005 5:43 PM
To: [email protected]
Subject: Re: [CFCDev] Per Application mappings WAS: Java CFCProxy info?

Hi Jim,

> Currently without a mapping you can't use many CFC features,
> especially when you'd like to package your CFCs. Extending a CFC
> with a CFC in another folder, type validation of CFCs, invocation, etc
> all essentially require mappings.

I didn't realize that CF doesn't allow variables in e.g. extends attribute, because BlueDragon and Railo both do... which to me seems to solve a lot of the mentioned issues.

I understand that self defined mappings do make a lot of sense in certain situations, but still I see a possible security risk...

Best,
Chris
