cfobject sure, but cfcontent?

On Fri, Aug 31, 2012 at 9:52 PM, Jochem van Dieten <joch...@gmail.com> wrote:
>
> On Thu, Aug 30, 2012 at 10:17 PM, Russ Michaels wrote:
> > well the only reason they could have all those tags disabled is because
> > they do not use security sandboxes, which would imply they are hosting with
> > the standard edition of ColdFusion, and thus have to disable any tag which
> > allows files to be read/written from the server.
>
> If that were the case they would disable tags like cffile and
> cfdirectory. Instead, what they have disabled are those tags that
> allow you to instantiate arbitrary Java/COM/.NET classes and run
> executables. (Plus cfdump which uses cfobject internally so would be
> broken if enabled.) Those are the tags that allow you to bypass even a
> properly configured security sandbox.
>
> Unfortunately sandboxes are imperfect and this is the price you pay if
> you have to share an instance with somebody else.
>
> Jochem
>
> --
> Jochem van Dieten
> http://jochem.vandieten.net/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352389