> > > In the case where everything's locked down by default, nothing works, > and admins need to learn how to remove security to allow access to a > web application. > > I'm not sure I see much difference there. Either way, someone needs to > know how web application security works. If you're in the business of > building web applications, this is a fundamental part of your job. >
The difference is that - via the current way - the admin *doesn't* need to know about web security. That's the difference. -- Adam ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358118 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm