Re: An ISP's Dream: Extensions in one sandbox, client code in another
Blum, Jason (SAA) wrote:
> Yes, the CFEXECUTE was a bad example. Suppose instead you hosted all a University's various colleges' websites on one server.

Make that fraternities and student societies and I do :-)

> None of them had particularly good developers and instead of teaching them all SQL and relational database theory

You would be surprised how little CS students know about databases. I much prefer EE students as webmaster :-)

> you just gave them backend logins to a CMS which you then queried on the front end. You even packaged that query in a custom tag or component. It's all working so well that you now want to discourage new grad students from even trying their own sql queries in their code, but instead to tie only into your custom tag.

And this is the part that would not work (at least for us). The thing is that they all have different needs and they all want to integrate with different backend systems. The rowing society wants to tie his user db into a reservation system for the boats. Fraternities want to tie it into a database for bookkeeping the beer. Student houses want to tie it into a system to keep track of who will attend dinner. And they are students, so they want to do it the hard way no matter how easy you make it.

> How do you keep the calling templates' sandbox restrictions from extending to their use of your custom tag?

You don't. Not in the way CF works (but I think it is a Java thing so you might have more luck with C customtags). But in your scenario, why not just install PHPNuke for them and give them the admin password of that? If you don't want them to write code, why not go the whole way and write a content management system and let them use that, don't even give them FTP access to a server.
Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: An ISP's Dream: Extensions in one sandbox, client code in another
Hey Jochem,

Really appreciate your thoughts on this...

Suppose you do want all of your students to be able to experiment with CFML. You want them to learn about SQL perhaps within the confines of QoQ. But you know they come and go every year and aren't around long enough to learn advanced best practices. SO you do things like enforce strict tag attributes and have CFAdmin check all locks. But they're not really ready to write complex stored procedures and outer joins with nested selects or something. So, you package these in custom tags and disable their CFQUERY to prevent them from even trying it.

CFML is so wonderful because it is so easy to pick up. But it is powerful and as the language evolves, it might be helpful to make the security framework even more flexible to allow a campus ISP to perhaps host tiered contribution groups. (If you hang my server, you get bumped down to the novice group where you can only call custom tags...)

Am trying to think of better examples. Again, thanks.

-----Original Message-----
From: Jochem van Dieten
Sent: Monday, August 04, 2003 4:37 AM
To: CF-Talk
Subject: Re: An ISP's Dream: Extensions in one sandbox, client code in another
Re: An ISP's Dream: Extensions in one sandbox, client code in another
Even better... Install multiple instances of MX on JRUN and designate each instance as a different skill set or tier if you will; each instance can be administered independently thus allowing you to lock down some tags and what not...

Just my two cents...

Mike

----- Original Message -----
From: Blum, Jason (SAA)
To: CF-Talk
Sent: Monday, August 04, 2003 5:57 AM
Subject: RE: An ISP's Dream: Extensions in one sandbox, client code in another
Re: An ISP's Dream: Extensions in one sandbox, client code in another
Blum, Jason (SAA) wrote:
> Suppose you do want all of your students to be able to experiment with CFML. You want them to learn about SQL perhaps within the confines of QoQ.

No way. QoQ is an abomination. Why wouldn't I want them to use a real database?

> But you know they come and go every year and aren't around long enough to learn advanced best practices. SO you do things like enforce strict tag attributes and have CFAdmin check all locks.

Those are CF 5 issues, not CF MX (or RedSky).

> But they're not really ready to write complex stored procedures and outer joins with nested selects or something. So, you package these in custom tags and disable their CFQUERY to prevent them from even trying it.

What is wrong with them trying it? Worst case they corrupt their own data. They are entitled to corrupt their own data, aren't they?

> CFML is so wonderful because it is so easy to pick up. But it is powerful and as the language evolves, it might be helpful to make the security framework even more flexible to allow a campus ISP to perhaps host tiered contribution groups. (If you hang my server, you get bumped down to the novice group where you can only call custom tags...)

Running multiple instances should allow you to do so. One instance for yourself, one for each customer that needs it and one for the rest all together in sandboxes. But the sandboxes only disallow the basics like file system access outside their own directory and the use of COM objects, not cfquery. I still don't see why you would want to disallow people from doing such basic things as cfquery. What is the point of that?

Jochem
Re: An ISP's Dream: Extensions in one sandbox, client code in another
In addition to what Jochem wrote, I think it is even more important to structure the environment in a way that enables students to learn from their mistakes; such as if they mess up the DB or their data, that's just one more thing they can learn from.

Just plan for it... have two databases running on a server so when one is mangled you can switch to the other one and vice versa.

Now in a real world situation, resources are limited to some extent or should be anyway.

Mike

----- Original Message -----
From: Jochem van Dieten
To: CF-Talk
Sent: Monday, August 04, 2003 7:41 AM
Subject: Re: An ISP's Dream: Extensions in one sandbox, client code in another
Re: An ISP's Dream: Extensions in one sandbox, client code in another
Michael T. Tangorre wrote:
> Just plan for it... have two databases running on a server so when one is mangled you can switch to the other one and vice versa
>
> Now in a real world situation, resources are limited to some extent or should be anyway.

We have long since adopted the position that it is easier to just buy extra harddisks as to set, maintain, measure and enforce quota on disk use, bandwidth use and databases :-)

(If university provides you with a bunch of switch ports and power plugs for free, business rules change quite a lot.)

Jochem
RE: An ISP's Dream: Extensions in one sandbox, client code in another
Jochem and Michael,

Interesting ideas - thanks!

I think I have done a poor job of describing the scenario. Ben Forta's Maybe We Should Try a Separation (CFDJ Vol 4 Issue 10) really got me to thinking: there are so many good reasons for code reuse (faster development time, centralized (policable) code, easier debugging, etc.) But getting developers to tie into existing resources is hopeless, particularly when your community of developers comes and goes and is rarely around long enough to really respond to your efforts to get them to reuse codes and build off each others' functionality.

So forget about my scattered scenario and emphasis on databases: just consider this question: How could you set up a server architecture (whether internally via security sandboxes or externally via web service syndication servers) that would encourage a development culture whose members were free to develop however whatever they wanted, but faced strong incentives to first utilize each others' reusable code?

Remember two things:

First, the community we are considering suffers from frequent turn around. Some of its members are pretty clever - most just want to get something up and aren't always that interested in looking under the hood.

Second, Their needs in functionality are generally pretty uniform. Sure they have their own data and different presentation layers. But they all have the same basic poll, announcements, staff directory kinds of features on their website. In other words, one good developer could probably do 95% of all the functionality they need.

So how best to not merely advertise what that developer has done, but go further and place strong incentives in their development methodology to consider tying first into that developers' components and other extensions? Seems to me the best way would be to put everyone in one sandbox denied certain tags and ports, etc... but let them all post, per your developers' approval, concise reusable code into another sandbox without restrictions.

Think of the implications for users both novice and advanced, for the administrators' responsibility to ensure a secure and available environment!

-Jason

-----Original Message-----
From: Jochem van Dieten
Sent: Monday, August 04, 2003 8:35 AM
To: CF-Talk
Subject: Re: An ISP's Dream: Extensions in one sandbox, client code in another
Re: An ISP's Dream: Extensions in one sandbox, client code in another
I didn't read all the way back through the thread, but why is it important that they use each others code in the first place? Obviously code reuse is a good thing, but you never explained why it was important for you. In most places...if the boss says, use this code, it should be used, and if not, the problem doesn't have anything to do with code.

Do these developers even know what components are available? Are these components/extensions organized into a coherent API and documented centrally? If you answered no to either of these questions, then the problem is clear.

--
jon

Monday, August 4, 2003, 9:57:20 AM, you wrote:

snip
BJS> So forget about my scattered scenario and emphasis on databases: just
BJS> consider this question: How could you set up a server architecture
BJS> (whether internally via security sandboxes or externally via web service
BJS> syndication servers) that would encourage a development culture whose
BJS> members were free to develop however whatever they wanted, but faced
BJS> strong incentives to first utilize each others' reusable code?
snip
Re: An ISP's Dream: Extensions in one sandbox, client code in another
Blum, Jason (SAA) wrote:
> I think I have done a poor job of describing the scenario. Ben Forta's Maybe We Should Try a Separation (CFDJ Vol 4 Issue 10) really got me to thinking: there are so many good reasons for code reuse (faster development time, centralized (policable) code, easier debugging, etc.) But getting developers to tie into existing resources is hopeless, particularly when your community of developers comes and goes and is rarely around long enough to really respond to your efforts to get them to reuse codes and build off each others' functionality.

If they don't want to tie into existing resources and you don't have the authority to order them to do it, it is hopeless. And even if you have the authority but they don't want it, it is probably just as hopeless.

But from your scenario I get the impression you are not talking about just an ISP. You are talking about a closely connected community that already has ties with each other. So maybe you should explain a bit more about that community. And what do the developers themselves think about it?

Jochem
An ISP's Dream: Extensions in one sandbox, client code in another
Jason:

This is an increasingly hypothetical scenario. I agree with Jochem's original statement that he wouldn't want to deal with an ISP that has those kinds of restrictions. I know: I have one right now, and am about to switch to one that doesn't have these restrictions.

I like the threaded model of lessening restrictions based on the sophistication of the coders. The best idea would be to use a CMS that could do simple queries and not require any coding knowledge. You could have a tiered development system that would allow different complexities according to skill, but this might be just as difficult to manage.

That said, I strongly believe in learning by doing. You don't learn until you do it. If you don't give them a chance to do it, they will never learn. If students don't know SQL, then they probably shouldn't be coding. That's taught right away in the Fast Track course, and in practically any CF book you could find. Knowing SQL is the most basic building block of any web development, regardless of language, and if you can't do basic SQL, you're going to have a hard time developing any web applications.

I agree that these college websites would all have different needs, and it's going to be difficult restricting them with custom tags. It seems to me that you would have more trouble with support dealing with the use of those custom tags than having them doing it in a more unrestricted fashion. Besides, if they don't use the proper CFQUERY statements, how the heck are they ever going to learn even BASIC best practices?
RE: An ISP's Dream: Extensions in one sandbox, client code in another
Jason,

The separation you want sounds like you need multiple instances of ColdFusion on a single box. You can do that. But setting up different instances necessarily discourages sharing at some level. Sounds like you want to have your cake and eat it too. :-)

For database queries there is a very clean option, use stored procedures. I have no problem establishing a system where users cannot execute any database calls aside from stored procedure invocations. You can share the stored procedures with any client that can log into the database, including all CF instances. Of course, based on the login (and each instance can use a different login) different data may be returned.

That's databases. For other code, I am not sure that there is a good solution for what you want.

--- Ben

-----Original Message-----
From: Blum, Jason (SAA)
Sent: Monday, August 04, 2003 9:57 AM
To: CF-Talk
Subject: RE: An ISP's Dream: Extensions in one sandbox, client code in another
An ISP's Dream: Extensions in one sandbox, client code in another
This question was tacked on to another discussion, but thought I might solicit more feedback by starting its own thread?

From an ISP's perspective, would it not be a God-send to put all clients in one big, heavily restricted sandbox (no datasources, etc.) and all datasource-accessing CFC's and other extensions in another sandbox to which only the ISP administrator has posting rights? We would aggressively advertise the contents of the latter to the clients using UDDI or just some kind of MM Exchange kind of catalog. Clients would always be free to develop their own CFC's and extensions, but would rapidly find tying into existing middle layer functionality an increasingly appealing alternative.

Or consider a simpler example: You don't want clients CFEXECUTING some local executable. But you do want to allow them to drop into their code a custom tag that can execute that local executable because in that tag you have some logic or something that lets you fix parameters or something.

So far, testing suggests the calling template's sandbox restrictions always override anything they call or invoke, except obviously a remote web service - but what a shame to have to go up and down the protocol stack...

Have I missed something fundamental or would this not be a boon to ISP's?!

-Jason
Re: An ISP's Dream: Extensions in one sandbox, client code in another
Blum, Jason (SAA) wrote:
> From an ISP's perspective, would it not be a God-send to put all clients in one big, heavily restricted sandbox (no datasources, etc.) and all datasource-accessing CFC's and other extensions in another sandbox to which only the ISP administrator has posting rights?

Apart from the fact that it can't be done because of the Java security model, what does it give you that sandboxes don't give you now?

> Or consider a simpler example: You don't want clients CFEXECUTING some local executable.

With a shared instance that is a very bad idea indeed.

> But you do want to allow them to drop into their code a custom tag that can execute that local executable because in that tag you have some logic or something that lets you fix parameters or something.

I don't really see a reason why customers would want to run any executable at all. And if they want it really bad they can always get hosting running their own instance. Or go up and down the protocol stack.

> Have I missed something fundamental or would this not be a boon to ISP's?!

I would not want to be hosted on a server where I can't write my own logic to access databases and/or the file system.

Jochem
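
The behaviour discussed in the two messages above (a calling template's sandbox restrictions extending to the custom tag it calls, attributed in the reply to the Java security model) can be illustrated with a simplified Python model of Java stack inspection. This is an added example, not code from the thread or from ColdFusion. The sandbox contents, the template names and the treatment of `cfquery` as a grantable permission are assumptions, and the `privileged` flag models Java's `doPrivileged` boundary.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sandbox:
    """Stand-in for a Java protection domain: a name plus its granted permissions."""
    name: str
    granted: frozenset


@dataclass(frozen=True)
class Frame:
    """One call-stack entry: the running template and the sandbox it was loaded from."""
    template: str
    sandbox: Sandbox
    privileged: bool = False  # True models a doPrivileged() boundary in this frame


class AccessDenied(Exception):
    """Raised when a sandbox on the inspected part of the stack lacks the permission."""


def check_permission(stack, permission):
    """Walk the stack newest-first, as AccessController.checkPermission does.

    Every sandbox encountered must grant the permission. The walk stops after a
    privileged frame, so callers older than that frame are not consulted.
    """
    for frame in reversed(stack):
        if permission not in frame.sandbox.granted:
            raise AccessDenied(
                f"{frame.template} [{frame.sandbox.name}] lacks '{permission}'"
            )
        if frame.privileged:
            return


def decision(stack, permission):
    """Return 'allowed' or the denial message, so scenarios are easy to compare."""
    try:
        check_permission(stack, permission)
        return "allowed"
    except AccessDenied as exc:
        return f"denied: {exc}"


# Constructed sandboxes and template names (hypothetical, not from the thread).
CLIENTS = Sandbox("clients", frozenset({"file:own-directory"}))
EXTENSIONS = Sandbox("extensions", frozenset({"file:own-directory", "cfquery"}))

client_page = Frame("rowing/index.cfm", CLIENTS)
admin_page = Frame("admin/report.cfm", EXTENSIONS)
cms_tag = Frame("customtags/cms_query.cfm", EXTENSIONS)
cms_tag_privileged = Frame("customtags/cms_query.cfm", EXTENSIONS, privileged=True)

# Each stack is listed oldest frame first (caller before callee).
SCENARIOS = {
    # The administrator's own page calls the tag: every frame grants cfquery.
    "admin -> tag": [admin_page, cms_tag],
    # A client page calls the same tag: the walk reaches the client's frame and
    # fails, i.e. the caller's restrictions extend to the code it calls.
    "client -> tag": [client_page, cms_tag],
    # The tag asserts its own privileges: the walk stops before the client's frame.
    "client -> privileged tag": [client_page, cms_tag_privileged],
    # The client runs the query itself: no trusted frame is involved, still denied.
    "client alone": [client_page],
}


def run_scenarios():
    """Evaluate the cfquery permission for every constructed call stack."""
    return {name: decision(stack, "cfquery") for name, stack in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:26} {result}")
```

In the privileged case the tag itself becomes the only gate between restricted callers and the datasource, so it has to fix or validate every parameter it accepts.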
RE: An ISP's Dream: Extensions in one sandbox, client code in another
Hi Jochem,

Yes, the CFEXECUTE was a bad example.

Suppose instead you hosted all a University's various colleges' websites on one server. None of them had particularly good developers and instead of teaching them all SQL and relational database theory, you just gave them backend logins to a CMS which you then queried on the front end. You even packaged that query in a custom tag or component. It's all working so well that you now want to discourage new grad students from even trying their own sql queries in their code, but instead to tie only into your custom tag. (This may sound very controlling, but the fact is you have no time to play help desk to these kids, they come and go so frequently, why rebuild the wheel when they can reuse code, etc., etc...

So you disable CFQUERY in their sandbox, but of course not in the sandbox containing the custom tags...

How do you keep the calling templates' sandbox restrictions from extending to their use of your custom tag?

-Jason

-----Original Message-----
From: Jochem van Dieten
Sent: Sunday, August 03, 2003 5:55 PM
To: CF-Talk
Subject: Re: An ISP's Dream: Extensions in one sandbox, client code in another