In fact, you don't even need the Application name - you can use a
blank application name and dump out (and then change) every single
application on the box, regardless of sandboxing. If the host doesn't
restrict createobject("java"...) then all bets are off. If the host
lets JSP run inside CF then there is no security.

With shared hosting, security and functionality are opposing goals
between which a tradeoff must be made. Unfortunately not all hosts
understand CF enough to know where to strike the balance.

On Thu, Feb 28, 2008 at 1:36 AM, Jim Davis <[EMAIL PROTECTED]> wrote:

>  None of the shared information is really, truly "safe".  If you have the
>  application name then you can see all the information stored in it for
>  example.  A good host will use various means to prevent people from getting
>  access to each other's folders; with a shared process like CF running then
>  it's more likely that a bug or misconfiguration can allow such access.  Once
>  you have that kind of access it's very likely that you'll be able to get
>  database access and perhaps dangerous information.


-- 
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:300035