On Thu, Aug 30, 2012 at 10:17 PM, Russ Michaels wrote:
> well the only reason they could have all those tags disabled is because
> they do not use security sandboxes, which would imply they are hosting with
> the standard edition of ColdFusion, and thus have to disable any tag which
> allows files to be read/written from the server.

If that were the case they would disable tags like cffile and
cfdirectory. Instead, what they have disabled are those tags that
allow you to instantiate arbitrary Java/COM/.NET classes and run
executables. (Plus cfdump which uses cfobject internally so would be
broken if enabled.) Those are the tags that allow you to bypass even a
properly configured security sandbox.

Unfortunately sandboxes are imperfect and this is the price you pay if
you have to share an instance with somebody else.

Jochem

-- 
Jochem van Dieten
http://jochem.vandieten.net/

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352387