Hi This one is for CF users. We use Cold Fusion extensively and as I have to write and read some text files, I have the CFFile tag active. I was wondering what measures other CF users, both on your own sites and those (using) sites providing CF as a service, do you take to ensure security of your data and of any other files. I would expect that those using CF from a service provider couldn't use the CFFile tag??? Do you have to get them to register your DB's in the Admin pages. I know I can put a password on a data source (DB) and turn off file access... but I need file access. What's to stop another legitimate, but malicious, user on the same server from using CF? That is, a user who is allowed on the server to put of straight HTML but not allowed to use CF (or even allowed to use CF but decides to go rogue with your stuff). This is an NT4 box running Netscape Enterprise 3 web server. I know that on an MS IIS server, I can turn off execute to their directories. We are moving servers and talking the opportunity to do an over all review of where we are, what we have and security. thanks Bruce ____________________________________________________________________ -------------------------------------------------------------------- Join The Web Consultants Association : Register on our web site Now Web Consultants Web Site : http://just4u.com/webconsultants If you lose the instructions All subscription/unsubscribing can be done directly from our website for all our lists. ---------------------------------------------------------------------
