SHORT ANSWER: TRUE
SLIGHTLY LONGER ANSWER:
The same applies to ASP, PERL, etc.. Hosting ANY application presents some
sort of inherent risk to the hosting company in a SHARED environment. It's
called "the nature of the beast"..
Cold Fusion Enterprise Edition, with its advanced security, can even that
score a bit, but most hosting companies don't really go that far unless they
SPECIALIZE in CF hosting. You may want to either seek THOSE kinds of
companies out, or consider CO-LOCATING your own server, which removes those
risks for the company hosting the bandwidth. Of course, that would open up a
whole NEW set of security considerations.. ;> Packet sniffers can be a nasty
thing too..
We don't host CF or ASP or any CGI for a client unless we know them and
trust them (and we have rock solid contracts too)... Generally we'll host
what we develop (cause we're primarily a development company).
my two cents..
Gregory
-------------------------------------------
annex.com, Inc. - http://www.annex.com/
-------------------------------------------
- If you EcoBuild it, they will come. -
- http://www.ecobuilder.com/ -
-------------------------------------------
> -----Original Message-----
> From: Garry Viner [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 07, 2000 2:39 AM
> To: [EMAIL PROTECTED]
> Subject: Is CF a "high risk application"?
>
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_000E_01C01903.4B82E640
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
>
> Hi all
>
> We have built a CF global bank trading platform, and
> currently the site is
> doing nicely. However the powers that be are moving the
> hosting of the site
> to a new company, who have made the following comments regarding Cold
> Fusion. Anybody know if this is true, and what's a good line
> of argument for
> convincing them that CF is the way to proceed into the
> future? Here is their
> statement:
>
> ColdFusion is considered a "high risk application", which
> means that it can
> be installed but the server SLA no longer applies for that server(s).
> ColdFusion is a security risk because Allaire has not
> published the actual
> rights required for ColdFusion to run under NT. For this
> reason, the only
> choice when running ColdFusion is to allow the ColdFusion
> application full
> administrative rights. This is a security risk both because
> any security
> flaw in ColdFusion allows the attacker full administrative
> privileges, and
> because #Host# must give administrative control to the customer.
>
> Any feedback would be greatly appreciated
>
> Thanks a lot
>
> Garry Viner
> --------------------------------------------------------------
> --------------
> --------
> Red 5 Interactive Media Pty Ltd
> Level 4, 9-13 Bronte Rd
> Bondi Junction NSW 2022
> Ph 61 2 9387 6493 Fax 61 2 9387 8355
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
