Yes but guessing the application name is not easy...
On 9/22/07, James Holmes <[EMAIL PROTECTED]> wrote:
> Sorry, that's just completely wrong.
>
> Any page, anywhere on the server, can use your Application name and
> get your Application scope variables; this can't even be prevented
> with sandboxing. If I have access to createObject("java") (which can
> be sandboxed out), I can even use the service factory to get your
> application name (and the app names for everyone else) and get
> everything in your application (and for that matter your sessions
> too).
>
> In fact I have a session tracker for monitoring purposes on our
> servers that relies on this ability.
>
> On 9/21/07, Brian Kotek wrote:
> > They can't, and I'm 99% sure they never have been. The only code that can
> > read an application variable is code that lives under a directory where the
> > cfapplication tag with that application name. Many people store this info
> > in an application-scoped Config CFC and pass that into whatever other CFCs
> > need it.
> >
> > On 9/21/07, Andrew Grosset wrote:
> > >
> > > I use the request scope for database name, username & password for
> > > cfqueries since I believe application variables can be read by all on a
> > > shared server - not sure if this is still the case though.
>
>
> --
> mxAjax / CFAjax docs and other useful articles:
> http://www.bifrost.com.au/blog/
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Get the answers you are looking for on the ColdFusion Labs
Forum direct from active programmers and developers.
http://www.adobe.com/cfusion/webforums/forum/categories.cfm?forumid-72&catid=648
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:289182
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
