> > Are there any legitimate reasons to allow average users
> > access to the cfregistry tag?
>
> Yes, sometimes. We allow cfregistry so people can update
> their own scheduled tasks. But that is in a sandboxed
> environment.
>
> > I believe the tag should only be accessible by cf admins for
> > security purposes.
>
> Not necessarily. With decent ACLs on the registry they can't
> do any harm.

I think it's difficult to set ACLs in such a way that someone using the tag can't do any harm at all, unless you set all ACLs to read-only. For example, I'd think it would be pretty easy to write something which just generated tons of junk registry keys in a writeable section. Given how the registry grows and fragments, this wouldn't be a good thing. This kind of thing is unlikely, even in a shared-server environment, but is difficult to protect against.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

