Yes but guessing the application name is not easy...
On 9/22/07, James Holmes <[EMAIL PROTECTED]> wrote: > Sorry, that's just completely wrong. > > Any page, anywhere on the server, can use your Application name and > get your Application scope variables; this can't even be prevented > with sandboxing. If I have access to createObject("java") (which can > be sandboxed out), I can even use the service factory to get your > application name (and the app names for everyone else) and get > everything in your application (and for that matter your sessions > too). > > In fact I have a session tracker for monitoring purposes on our > servers that relies on this ability. > > On 9/21/07, Brian Kotek wrote: > > They can't, and I'm 99% sure they never have been. The only code that can > > read an application variable is code that lives under a directory where the > > cfapplication tag with that application name. Many people store this info > > in an application-scoped Config CFC and pass that into whatever other CFCs > > need it. > > > > On 9/21/07, Andrew Grosset wrote: > > > > > > I use the request scope for database name, username & password for > > > cfqueries since I believe application variables can be read by all on a > > > shared server - not sure if this is still the case though. > > > -- > mxAjax / CFAjax docs and other useful articles: > http://www.bifrost.com.au/blog/ > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Get the answers you are looking for on the ColdFusion Labs Forum direct from active programmers and developers. http://www.adobe.com/cfusion/webforums/forum/categories.cfm?forumid-72&catid=648 Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:289182 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4