Granted they shouldn't have unrestricted access, but I would argue that you should be able to call them within your own application or else the ability to build complex applications begins to be pretty well hampered, no?
---------------------------------------- From: "Dave Watts" <dwa...@figleaf.com> Sent: Tuesday, November 09, 2010 12:49 PM To: "cf-talk" <cf-talk@houseoffusion.com> Subject: Re: CF Blog software > Some of those are reasonable, but CFCONTENT, CFDUMP, CreateObject()?? Go > to CrystalTech for a few bucks a quarter or something. CFCONTENT and CreateObject both have serious security implications. Russ knows better than me about sandboxing, but those tags and functions shouldn't be allowed unrestricted access in a shared hosting environment. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339005 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
