I was saying it is insecure IF customers put their login into the DSN. This is not directed at any shared host, but is a comment about shared hosting in general. Shared hsoting cannot be considered secure by any means, as your sharing a server with hundreds of other people, any of which could find a backdoor, vulnerability or hack into your data. And cF in particular is horrible on shared hosting, some things you just cannot lock down period unless you cripple CF's functionality.
You either do not give people access to cfobject/createobject and cripple their ability use CFC's and certain frameworks or even run their exsiting code, or you allow these tags/functions and open up your whole server to abuse. Unfortunately the latter is the only real option as not many people will host without those tags/functions. Russ -----Original Message----- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: 09 May 2006 16:38 To: CF-Talk Subject: Re: Big SQL security hole at Crystaltech? >I didn't say it was. Sorry....felt like you were saying shared hosting was insecure because DSNs could be guessed ;-) flippin e-mail! ;-) Cheers Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239941 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
