- see footer for list info -<
IF Createobject is enabled then you can use it to access things like the
Java service factory and thus compromise the CFADMIN, or the IO subsystem.
Yes you can disable CreateObject() but this does cripple a lot of the CFMx
fucntionality, and people especially do want it for CFC's.
I think one of my ex-employers would probably be proud my security paranoia
these days :-)
Russ
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robertson-Ravo,
Neil (RX)
Sent: 06 September 2005 15:23
To: Coldfusion Development
Subject: RE: [CF-Dev] CFFile Folder creation
- see footer for list info -<
CreateObject *is* a CF Function. Surely if the sandbox prevents you calling
a Function such as this you cant instantiate a Java object? I know there was
a problem before where reflection would allow you to call java even if
sandboxing prevented createobject().
AFAIK CF 7 you can prevent access to CFC, COM, Java, Webservice and CORBA
based on "type" sandboxing.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Snake
Sent: 06 September 2005 15:18
To: 'Coldfusion Development'
Subject: RE: [CF-Dev] CFFile Folder creation
- see footer for list info -<
Sanboxes do not work on JAVA, CFX tags etc, they only work on CF tags and
fucntions.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robertson-Ravo,
Neil (RX)
Sent: 06 September 2005 14:47
To: Coldfusion Development
Subject: RE: [CF-Dev] CFFile Folder creation
- see footer for list info -<
Isn't this what Sandbox Security is for?
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Snake
Sent: 06 September 2005 14:51
To: 'Coldfusion Development'
Subject: RE: [CF-Dev] CFFile Folder creation
- see footer for list info -<
Another scary thing about Createobject() and it's complete lack of security.
It's like having FSO access to the whole server.
Russ
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robertson-Ravo,
Neil (RX)
Sent: 06 September 2005 14:38
To: Coldfusion Development
Subject: RE: [CF-Dev] CFFile Folder creation
- see footer for list info -<
You can also use Java thus:
createObject("java", "java.io.File").init(x).mkdirs();
Where x is the folder you want to create (full path) - if it doesn't exist
it will create it, if it does exists, it will ignore the fact it exists and
continue parsing.
N
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stephen Moretti
Sent: 06 September 2005 14:35
To: Coldfusion Development
Subject: Re: [CF-Dev] CFFile Folder creation
- see footer for list info -<
RichL wrote:
- see footer for list info -<
Hello
i am trying to do a CFFile copy of an Access DB for bkup before doing
an update.
For the destination i was using a path which creates a new folder but
CF
is
complaining that it doesn't it exist.
My expectation was that CF would create the new directory but
obviously not... is there any way that i can do this?
<cfdirectory action="create" directory="mydirectoryname"> ;)
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help
-<
This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant,
Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business,
Registered in England, Number 678540. It contains information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful. If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910. The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions.
Visit our website at http://www.reedexpo.com
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help
-<
This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant,
Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business,
Registered in England, Number 678540. It contains information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful. If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910. The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions.
Visit our website at http://www.reedexpo.com
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant,
Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business,
Registered in England, Number 678540. It contains information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful. If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910. The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions.
Visit our website at http://www.reedexpo.com
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
