You're right, I'm not storing this stuff in an application scope.  I was
thinking that it was stealing all of the variables in an application - I
overthought this problem.

Thanks,
Matt Small

-----Original Message-----
From: Ben Forta [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 03, 2003 2:25 PM
To: CF-Talk
Subject: RE: CrystalTech says ALL variables must be locked


Your CF instance is shared. Stuff in SERVER (which you generally should
not be using anyway) is shared by all applications. Stuff in APPLICATION
is shared by all instances of the same <CFAPPLICATION NAME>. Stuff in
SESSION is shared by all requests containing the same session
identifiers. So yes, if you use the same <CFAPPLICATION NAME> then those
scopes will be shared.

But, I assume (hope) you are not storing credit card numbers in
APPLICATION variables. That kind of stuff is likely in a database, and
databases (data sources, actually) can indeed be locked down by using
sandboxes. That is exactly what sandboxes are designed to do. If you are
on a shared box then insist that your ISP has each application in a
sandbox. If they don't or won't, dump them immediately!

--- Ben





-----Original Message-----
From: Matthew Small [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 03, 2003 2:19 PM
To: CF-Talk
Subject: RE: CrystalTech says ALL variables must be locked


So are you saying that all I have to do to get another application's
information is to do that copy?  Isn't this a security hole that those
of us on shared servers and saving CC numbers need to worry about?

- Matthew Small

-----Original Message-----
From: Ben Forta [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 03, 2003 2:10 PM
To: CF-Talk
Subject: RE: CrystalTech says ALL variables must be locked


I assumed that too. But locking will not prevent that. Nothing will. If
two apps have the same application name then they share scopes, simple
as that.

Unless you are running multiple CFs, that is.

--- Ben



-----Original Message-----
From: Raymond Camden [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 03, 2003 2:03 PM
To: CF-Talk
Subject: RE: CrystalTech says ALL variables must be locked


I think they are referring to this way of 'stealing' data:

<cfapplication name="some other guys apps">
<cfset myCopy = duplicate(application)>
<cfapplication name="original name of application">

All this will do is copy over the other app's application data. I
_think_ I wrote a UDF for this on cflib.org.

Definitely _NOT_ a big fat hairy deal.

===========================================================================
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
(www.mindseye.com)
Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia)

Email    : [EMAIL PROTECTED]
Blog     : www.camdenfamily.com/morpheus/blog
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda 

> -----Original Message-----
> From: Ben Forta [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 03, 2003 11:39 AM
> To: CF-Talk
> Subject: RE: CrystalTech says ALL variables must be locked
> 
> 
> >> If not, other sites can steal them
> 
> I have no idea what that even means!
> 
> Regardless, it is worth noting that problems caused by the lack of 
> locking (CF4.x and CF5) can be slow and gradual. On a shared box you 
> may see memory corruption problems (due to the lack of locking) even if
> your app has no shared scope variables at all. How? If another app on 
> the box uses shared scopes and fails to lock code. All CF apps share 
> the same instance.
> 
> Which is why CFMX on J2EE is so compelling. Each app runs in its own 
> safe little world.
> 
> --- Ben
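
A defensive check for the point made in this thread, that applications using the same <cfapplication name> on one ColdFusion instance share scopes: the Python sketch below is an added example, not code from any poster in the thread. It scans CFML sources for application names reused across sites and for templates that declare more than one name. The site labels, file paths and sample sources are constructed, and comparing names case-insensitively is a conservative assumption.

```python
import re
from collections import defaultdict

# NAME attribute of a <cfapplication> tag, any attribute order or quote style.
CFAPP_NAME = re.compile(
    r"""<cfapplication\b[^>]*?\bname\s*=\s*(?:"([^"]*)"|'([^']*)')""",
    re.IGNORECASE,
)

def app_names(source):
    """Return every application name declared in one CFML source string."""
    return [(m.group(1) or m.group(2) or "").strip()
            for m in CFAPP_NAME.finditer(source)]

def audit(sites):
    """sites maps site label -> {file path: CFML source}.

    Returns (collisions, multi_name_files, dynamic_names)."""
    owners, multi, dynamic = defaultdict(set), [], []
    for site, files in sites.items():
        for path, source in files.items():
            names = app_names(source)
            distinct = sorted({n.lower() for n in names})
            if len(distinct) > 1:      # one template switching between applications
                multi.append((site, path, distinct))
            for name in names:
                if "#" in name:        # built at run time, cannot be resolved statically
                    dynamic.append((site, path, name))
                else:
                    owners[name.lower()].add(site)
    collisions = {n: sorted(s) for n, s in owners.items() if len(s) > 1}
    return collisions, multi, dynamic

# Constructed sample sources, not taken from any real site.
SAMPLE = {
    "site_a": {"Application.cfm": '<cfapplication name="store" sessionmanagement="yes">'},
    "site_b": {"Application.cfm": "<CFAPPLICATION sessionmanagement='yes' NAME='Store'>"},
    "site_c": {
        "Application.cfm": '<cfapplication name="#request.appName#">',
        "tools/copy.cfm": '<cfapplication name="store">\n'
                          '<cfset myCopy = duplicate(application)>\n'
                          '<cfapplication name="site_c_app">',
    },
}

if __name__ == "__main__":
    collisions, multi, dynamic = audit(SAMPLE)
    print("names shared across sites:", collisions)
    print("files declaring several names:", multi)
    print("names needing manual review:", dynamic)
```

A name reported as shared across sites means those sites see one APPLICATION scope on a shared instance; a template declaring several names is worth reading by hand.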




