> allow the cfcontent tag (among others) for CF 5 server... but
> allow it on MX servers. Why would this be? Is there something
> about MX that makes the security issues with cfcontent no
> longer an issue?
There was a specific security issue with CFCONTENT prior to CF 5, but it's
my understanding that it works the same way in 5 that it does in MX,
basically. Right around when CF 5 came out, MM issued a patch for CF 4.x
that many people complained about - it made CF slower! In either case, I
believe that the CFCONTENT tag, when used to fetch a file with the FILE
attribute, runs within the security context of the web server connector
rather than within CF's own security context.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
