Your CF instance is shared. Stuff in SERVER (which you generally should
not be using anyway) is shared by all applications. Stuff in APPLCIATION
is shared by all instances of the same <CFAPPLICATION NAME>. Stuff in
SESSION is shared by all requests containing the same session
identifiers. So yes, if you use the same <CFAPPLCIATION NAME> then those
scopes will be shared.

But, I assume (hope) you are not storing credit cards numbers in
APPLICATION variables. That kind of stuff is likely in a database, and
databases (data sources, actually) can indeed be locked down by using
sandboxes. That is exactly what sandboxes are designed to do. If you are
on a shared box then insist that your ISP has each application in a
sandbox. If they don't or won't, dump them immediately!

--- Ben





-----Original Message-----
From: Matthew Small [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 03, 2003 2:19 PM
To: CF-Talk
Subject: RE: CrystalTech says ALL variables must be locked


So are you saying that all I have to do to get another application's
information is to do that copy?  Isn't this a security hole that those
of us on shared servers and saving CC numbers need to worry about?

- Matthew Small

-----Original Message-----
From: Ben Forta [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 03, 2003 2:10 PM
To: CF-Talk
Subject: RE: CrystalTech says ALL variables must be locked


I assumed that too. But locking will not prevent that. Nothing will. If
two apps have the same application name then they share scopes, simple
as that.

Unless you are running multiple CFs, that is.

--- Ben



-----Original Message-----
From: Raymond Camden [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 03, 2003 2:03 PM
To: CF-Talk
Subject: RE: CrystalTech says ALL variables must be locked


I think they are referring to this way of 'stealing' data:

<cfapplication name="some other guys apps">
<cfset myCopy = duplicate(application)>
<cfapplication name="original name of application">

All this will do is copy over the other app's application data. I
_think_ I wrote a UDF for this on cflib.org.

Defintely _NOT_ a big fat hairy deal.

========================================================================
===
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
(www.mindseye.com)
Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia)

Email    : [EMAIL PROTECTED]
Blog     : www.camdenfamily.com/morpheus/blog
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda 

> -----Original Message-----
> From: Ben Forta [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 03, 2003 11:39 AM
> To: CF-Talk
> Subject: RE: CrystalTech says ALL variables must be locked
> 
> 
> >> If not, other sites can steal them
> 
> I have no idea what that even means!
> 
> Regardless, it is worth noting that problems caused by the lack of
> locking (CF4.x and CF5) can be slow and gradual. On a shared box you 
> may see memory corruption problems (do to the lack of locking) even if

> your app has no shared scope variables at all. How? If another app on
> the box uses shared scopes and fails to lock code. All CF apps share 
> the same instance.
> 
> Which is why CFMX on J2EE is so compelling. Each app runs in its own
> safe little world.
> 
> --- Ben




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

                                Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
                                

Reply via email to