RE: DWMX 2004 - Whats new for us?

Sat, 06 Sep 2003 03:15:26 -0700 

I offered a solution doing just that in an article in the Feb 2002 CFDJ
called "Unlocking Restricted Use of CFFILE, CFCONTENT, and More", available
at http://www.sys-con.com/coldfusion/article.cfm?id=404.  It addresses how
to solve this problem in CF 5.

Before anyone sees that title and think I'm suggesting how to circumvent
security, please read the article. I'm showing how (as is suggested in the
notes below) one could implement a way to get around simple CFFILE security
in a controlled way in conjunction with the CF Admin. It's just a very
underrated CF5 feature (the "unsecured tags directory") that I point out. 

And for the later notes pointing up Sandbox Security and the potential to
solve this problem that way, I'll add as well that I wrote a couple of
articles on the subject late last year, at:


        ColdFusion Security, Part One: Understanding Sandbox/Resource
Security
        http://www.macromedia.com/desdev/security/articles/sandbox_01.html

        ColdFusion Security, Part Two: Sandbox/Resource Basics
        http://www.macromedia.com/desdev/security/articles/sandbox_02.html 


/charlie

> -----Original Message-----
> From: Thomas Chiverton [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 04, 2003 11:20 AM
> To: CF-Talk
> Subject: Re: DWMX 2004 - Whats new for us?
> 
> 
> On Thursday 04 Sep 2003 15:32 pm, Matt Liotta wrote:
> > > Right.
> > > But if your hosting provider has wiped out cffile ... ?
> >
> > Then I am sure they won't let you install a CFX that does the same
> > thing.
> 
> I don't think they'd have any choice.
> Of course, what they should do, is provide a cf_file which is
> a wrapper round 
> cffile, but appends your hosted directory path to all the 
> path/filename 
> arguments or something.
> 
> --
> Tom C
> "Land of the free, home of the brave... you have to be brave 
> to live there and 
> enjoy the freedoms"
> 
> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Get the mailserver that powers this list at 
http://www.coolfusion.com

Reply via email to