RE: [CFCDev] Per Application mappings WAS: Java CFCProxy info?

Mon, 03 Oct 2005 07:20:22 -0700 

Guessing? If java is enabled, you can iterate through all the applications
on the box.

appTracker = createObject("java",
"coldfusion.runtime.ApplicationScopeTracker");
appEnum = appTracker.getApplicationKeys();

Roland

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Dawson, Michael
Sent: Monday, October 03, 2005 9:31 AM
To: [email protected]
Subject: RE: [CFCDev] Per Application mappings WAS: Java CFCProxy info?

I don't see this being any more of a security risk than CFFILE and
CFDIRECTORY, et al.

Or, "guessing" another CFAPPLICATION's name and hijacking the sessions.

M!ke 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Chris
Sent: Sunday, October 02, 2005 5:43 PM
To: [email protected]
Subject: Re: [CFCDev] Per Application mappings WAS: Java CFCProxy info?

Hi Jim,

> Currently without a mapping you can't use many CFC features, 
> especially when you you'd like to package your CFCs.  Extending a CFC 
> with a CFC in another folder, type validation of CFCs, invocation, etc

> all essentially require mappings.

I didn't realize that CF doesn't allow variables in e.g. extends
attribute, because BlueDragon and Railo both do... which to me seems to
solve a lot of the mentioned issues.

I understand that self defined mappings do make a lot of sense in
certain situations, but still I see a possible security risk...

Best,

Chris


----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email to
[email protected] with the words 'unsubscribe cfcdev' as the subject of the
email.

CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting
(www.cfxhosting.com).

CFCDev is supported by New Atlanta, makers of BlueDragon
http://www.newatlanta.com/products/bluedragon/index.cfm

An archive of the CFCDev list is available at
www.mail-archive.com/[email protected]







----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email to 
[email protected] with the words 'unsubscribe cfcdev' as the subject of the 
email.

CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting 
(www.cfxhosting.com).

CFCDev is supported by New Atlanta, makers of BlueDragon
http://www.newatlanta.com/products/bluedragon/index.cfm

An archive of the CFCDev list is available at 
www.mail-archive.com/[email protected]

Reply via email to