I would not think that is a cost effective solution either as there is such a small number of customers who would request to be on a "secure" server. We offer something like that called "semi-dedicated", but it is more expensive.
If CF had a web admin like Railo, it would solve all those type of issues really. On Mon, Feb 11, 2013 at 4:21 PM, Andrew Scott <andr...@andyscott.id.au>wrote: > > Russ, I never meant their own server. I meant put all customers who want > the robust onto the same sever. > > But I did raise an enhancement with Adobe, where my suggestion is to have > robust exceptions of by default and not be able to enable or disable from > the CF admin. However if the customer wants to exploit their own site then > they have the option to turn that level of exception on in the > Application.cfc > > > > On Tue, Feb 12, 2013 at 3:05 AM, Russ Michaels <r...@michaels.me.uk> > wrote: > > > > > unfortunately no host can afford to tell all their customers "your better > > off elsewhere". > > It would not be cost efficient at all to give a shared hosting customer > > their own server for the same price, they would lose money, I doubt the > > cost would even be remotely covered. > > > > Both of hose solutions would put any host out of business very quickly. > > > > > > On Mon, Feb 11, 2013 at 10:37 AM, Andrew Scott <andr...@andyscott.id.au > > >wrote: > > > > > > > > Yeah I guess, but that is why there are log files so there is really no > > > excuse. But how cost efficient would it be to just move those people > over > > > to their own server so they can effect themselves? > > > > > > And I would bet that it is these people who also turn off UAC on > Windows > > > and get all types of infections and could very well be the ones ftping > up > > > infected files to begin with. > > > > > > Russ, I hear you but then maybe they are better of else where if they > > can't > > > understand the implications. > > > > > > > > > -- > > > Regards, > > > Andrew Scott > > > WebSite: http://www.andyscott.id.au/ > > > Google+: http://plus.google.com/113032480415921517411 > > > > > > > > > On Mon, Feb 11, 2013 at 9:15 PM, Russ Michaels <r...@michaels.me.uk> > > > wrote: > > > > > > > > > > > Unfortunately Andrew things are never that simple. > > > > For every customer like yourself who wants this turned off, there > will > > be > > > > 100 customers who want it turned on. > > > > > > > > Most people do not know about or care about the security side of > > hosting, > > > > and just want everything enabled which makes their life easier. > > > > So as soon as they hear the word "disabled", their initial response > > will > > > be > > > > things like. > > > > 1) Our previous host did not do this > > > > 2) Then we will have to look for another host > > > > > > > > Many hosts are i'm sure simply giving in to the demands of the > majority > > > of > > > > their customers and providing them with the services they want even > > > though > > > > they are insecure. > > > > > > > > I regularly explain to customers/developers why cfexecute is > disabled, > > by > > > > they do not have read/write access to the entire server, why > > > > createobject(java) is disabled by default, and in in general why > things > > > > have to be locked down on a shared server. > > > > We do however stick to our main security policies, so our servers are > > > more > > > > secure than most, but this of course comes at a cost as many > customers > > > > simply will not accept such restrictions and would rather go and find > > an > > > > insecure host instead. > > > > > > > > At the end of the day If you want security and control over your > > hosting > > > > environment the solution is simple, "DO NOT USE SHARED HOSTING". > > > > > > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354456 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
