But you wont get sandboxes and cfobject being disabled on the cheap, do what you want, everything enabled host, that is the whole point. If you want that kind of security, you usually have to go to a host that specialises in CF (like us) and knows what they are doing
Most people looking for a shared host do not want any restrictions and will look for the host with nothing disabled and the cheapest prices and don't really care about security until after something happens to them. You only have to see the posts on this list to see that really. Snake -----Original Message----- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: 09 May 2006 02:13 To: CF-Talk Subject: Re: Big SQL security hole at Crystaltech? With sandboxing and no cfobject (java) tag, this can be done with reasonable safety. On 5/9/06, Bryan Stevenson <[EMAIL PROTECTED]> wrote: > > Especially as a lot of clients put their username/passwor dinto the > > DSN , which means everyone else on the server can get into their > > database anyway using CFQUERY. > 2) If a client puts their user/pass in the DSN, it's their own damn > fault....not the ISP! (of course you'd still need the DSN to access > anything via CFQUERY) -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239882 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
