Yep, we have done the modification so users cannot see others' databases,
but most don't.

As I have mentioned b4, it's a tossup with shared hosting, if you want cheap
hosting and to be able to do what you like on the server without
restriction, then you have to accept the lack of security that comes with
it.
You can't have all tags enabled and open EM access to your databases, and
cheap as chips hosting and expect it to all be secure.

We (www.cfmxhosting.co.uk) opt for the secure route.
No EM access unless you have a static IP, and we then allow you through the
firewall.
No access to unsecure tags without a security sandbox
No CreateObject (java)

You get what you pay for at the end of the day.

--
Russ

 

-----Original Message-----
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]]
Sent: 08 May 2006 18:14
To: CF-Talk
Subject: Re: Big SQL security hole at Crystaltech?

Yes this can be solved (don't ask me how though).....and yes that is a
pretty SERIOUS screw-up on their part.

The ISP I use does show you all other DBs on the shared server, but you
cannot connect to any of them....so no seeing the tables and so on...just DB
names....so it is doable.

Cheers

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone: 250.480.0642
fax: 250.480.1264
cell: 250.920.8830
e-mail: [EMAIL PROTECTED]
web: www.electricedgesystems.com 



