RE: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
We let customers use it on our advanced plans. We are running sandbox security to prevent any accidents ;-) Dan Phillips www.CFXHosting.com 1-866-239-4678 [EMAIL PROTECTED] Do you want complete ColdFusion Administrator access? RDS? Terminal Server?- CFX-Advanced VPS - http://www.cfxhosting.com/Plans/s_cfxadvancedVPS.cfm -Original Message- From: Oliver Cookson [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 11:40 AM To: CF-Talk Subject: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? ) I know this has been covered before but has there been any solutions to using CFObject in a shared host without creating a security hazard? Cheers -Original Message- From: Ryan Kime [mailto:[EMAIL PROTECTED] Sent: 03 September 2003 16:36 To: CF-Talk Subject: RE: DWMX 2004 - Whats new for us? That's a $10 a month difference and they list out versions they use. I see that pricing as more agreeable for both sides and I think it's great that prices are coming down. There's a threshold where you start to lose money on every new customer and I'm sure it's different for everyone. But I remember Dell got into hosting and were offering $16.95 plans with CF. Guess how long that lasted? About a year. And they are a huge company, so it makes me wonder about the smaller hosts and their ability to sustain at that level of price vs. features without cutting corners. Just want to make sure people ask the right questions when they look for hosting. I look forward to seeing that BD hosting list. -Ryan -Original Message- From: Massimo Foti [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 10:15 AM To: CF-Talk Subject: Re: DWMX 2004 - Whats new for us? There's no such thing as a free lunch I would be leery of *free* CF and SQL Server, both of those cost a pretty penny and are not easy to cover without passing some of the cost on to customers. It also makes me wonder why they use the term FREE and not included when describing their plans. Which version of CF are they using? If it's Pro/Standard and not Enterprise, don't walk, but run away as fast as you can. Other companies offer low prices too: http://www.crystaltech.com/plan2.htm The quality is excellent, with SQL Server 2000 and CF 6.1 Enterprise running on Win 2003. Hosting prices keep going down, not as fast as a few years ago, but they are more affordable than ever Massimo Foti Certified Dreamweaver MX Developer Certified Advanced ColdFusion MX Developer http://www.massimocorner.com/ ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
Dan Phillips (CFXHosting.com) wrote: We let customers use it on our advanced plans. We are running sandbox security to prevent any accidents ;-) How does Sandbox Security protect you from accidents with COM objects like the FSO? Jochem ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
RE: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
I'm the wrong person to give you technical specs on that. Stephenie Hamilton set all that up for us way back when we first started. We don't have it enabled for just anyone though. It has to be requested and we more or less interview the person running the site and check out their code as well. That way if there are problems, we know who to go to. If we feel funny about them, we deny it. In 3 years though, we have never had an issue or turned anyone down for this. -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 11:50 AM To: CF-Talk Subject: Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? ) Dan Phillips (CFXHosting.com) wrote: We let customers use it on our advanced plans. We are running sandbox security to prevent any accidents ;-) How does Sandbox Security protect you from accidents with COM objects like the FSO? Jochem ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
RE: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
Turning off cfobject doesn't really protect the server, at least with CFMX. You can create Java class instances using standard CFML without using cfobject/createobject (it's just a little more work). Sam -- Blog: http://www.rewindlife.com Chart: http://www.blinex.com/products/charting -- -Original Message- From: Oliver Cookson [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 11:40 AM To: CF-Talk Subject: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? ) I know this has been covered before but has there been any solutions to using CFObject in a shared host without creating a security hazard? Cheers ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
Whether cfobject is enabled or not doesn't affect the insecurity of a CFMX installation for shared hosting. For example... cfscript badThing = CreateObject(java, a.BadThing); // is the same as... foo = ; clazz = foo.getClass(); clazz = clazz.forName(a.badThing); badThing = clazz.newInstance(); /cfscript -Matt On Wednesday, September 3, 2003, at 11:40 AM, Oliver Cookson wrote: I know this has been covered before but has there been any solutions to using CFObject in a shared host without creating a security hazard? Cheers -Original Message- From: Ryan Kime [mailto:[EMAIL PROTECTED] Sent: 03 September 2003 16:36 To: CF-Talk Subject: RE: DWMX 2004 - Whats new for us? That's a $10 a month difference and they list out versions they use. I see that pricing as more agreeable for both sides and I think it's great that prices are coming down. There's a threshold where you start to lose money on every new customer and I'm sure it's different for everyone. But I remember Dell got into hosting and were offering $16.95 plans with CF. Guess how long that lasted? About a year. And they are a huge company, so it makes me wonder about the smaller hosts and their ability to sustain at that level of price vs. features without cutting corners. Just want to make sure people ask the right questions when they look for hosting. I look forward to seeing that BD hosting list. -Ryan -Original Message- From: Massimo Foti [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 10:15 AM To: CF-Talk Subject: Re: DWMX 2004 - Whats new for us? There's no such thing as a free lunch I would be leery of *free* CF and SQL Server, both of those cost a pretty penny and are not easy to cover without passing some of the cost on to customers. It also makes me wonder why they use the term FREE and not included when describing their plans. Which version of CF are they using? If it's Pro/Standard and not Enterprise, don't walk, but run away as fast as you can. Other companies offer low prices too: http://www.crystaltech.com/plan2.htm The quality is excellent, with SQL Server 2000 and CF 6.1 Enterprise running on Win 2003. Hosting prices keep going down, not as fast as a few years ago, but they are more affordable than ever Massimo Foti Certified Dreamweaver MX Developer Certified Advanced ColdFusion MX Developer http://www.massimocorner.com/ ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
Matt Liotta wrote: Whether cfobject is enabled or not doesn't affect the insecurity of a CFMX installation for shared hosting. For example... cfscript badThing = CreateObject(java, a.BadThing); // is the same as... foo = ; clazz = foo.getClass(); clazz = clazz.forName(a.badThing); badThing = clazz.newInstance(); /cfscript But that stills run in the Sandbox, because CF MX leverages the security built in to Java. So that means that all restrictions on the filesystem and ports still apply. What I am wondering is whether you can use this mechanism to either invoke a COM object or to access the runtime service or the security service. And if you can invoke COM objects, whether you still can after all JIntegra files have been removed. Jochem ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
Probably correct, but any shared hosting provider would probably immediately close your account upon the appearance of code such as that - All of them do have Terms of Service and a legitimate user will comply willingly. == Stop spam on your domain, use our gateway! For hosting solutions http://www.clickdoug.com Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases. ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf == If you are not satisfied with my service, my job isn't done! - Original Message - From: Matt Liotta [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 11:12 AM Subject: Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? ) | Whether cfobject is enabled or not doesn't affect the insecurity of a | CFMX installation for shared hosting. For example... | | cfscript | badThing = CreateObject(java, a.BadThing); | // is the same as... | foo = ; | clazz = foo.getClass(); | clazz = clazz.forName(a.badThing); | badThing = clazz.newInstance(); | /cfscript | | -Matt | | On Wednesday, September 3, 2003, at 11:40 AM, Oliver Cookson wrote: | | I know this has been covered before but has there been any solutions to | using CFObject in a shared host without creating a security hazard? | | Cheers | | -Original Message- | From: Ryan Kime [mailto:[EMAIL PROTECTED] | Sent: 03 September 2003 16:36 | To: CF-Talk | Subject: RE: DWMX 2004 - Whats new for us? | | | That's a $10 a month difference and they list out versions they use. I | see that pricing as more agreeable for both sides and I think it's | great | that prices are coming down. | | There's a threshold where you start to lose money on every new customer | and I'm sure it's different for everyone. But I remember Dell got into | hosting and were offering $16.95 plans with CF. Guess how long that | lasted? About a year. And they are a huge company, so it makes me | wonder | about the smaller hosts and their ability to sustain at that level of | price vs. features without cutting corners. | | Just want to make sure people ask the right questions when they look | for | hosting. I look forward to seeing that BD hosting list. | | -Ryan | | -Original Message- | From: Massimo Foti [mailto:[EMAIL PROTECTED] | Sent: Wednesday, September 03, 2003 10:15 AM | To: CF-Talk | Subject: Re: DWMX 2004 - Whats new for us? | | | There's no such thing as a free lunch | | I would be leery of *free* CF and SQL Server, both of those cost a | pretty penny and are not easy to cover without passing some of the | cost on to customers. It also makes me wonder why they use the term | FREE and not included when describing their plans. | | Which version of CF are they using? If it's Pro/Standard and not | Enterprise, | don't walk, but run away as fast as you can. | | Other companies offer low prices too: | | http://www.crystaltech.com/plan2.htm | | The quality is excellent, with SQL Server 2000 and CF 6.1 Enterprise | running on Win 2003. Hosting prices keep going down, not as fast as a | few years ago, but they are more affordable than ever | | | Massimo Foti | Certified Dreamweaver MX Developer | Certified Advanced ColdFusion MX Developer | http://www.massimocorner.com/ | | | | | | | ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
I have been able to successfully create a trojan that can be invoked only using Java reflection such as below and easily installed into a CFMX instance. -Matt On Wednesday, September 3, 2003, at 12:35 PM, Jochem van Dieten wrote: Matt Liotta wrote: Whether cfobject is enabled or not doesn't affect the insecurity of a CFMX installation for shared hosting. For example... cfscript badThing = CreateObject(java, a.BadThing); // is the same as... foo = ; clazz = foo.getClass(); clazz = clazz.forName(a.badThing); badThing = clazz.newInstance(); /cfscript But that stills run in the Sandbox, because CF MX leverages the security built in to Java. So that means that all restrictions on the filesystem and ports still apply. What I am wondering is whether you can use this mechanism to either invoke a COM object or to access the runtime service or the security service. And if you can invoke COM objects, whether you still can after all JIntegra files have been removed. Jochem ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
An unscrupulous person could easily reformat a server's hard drive, kill databases, plant viruses, and do all sorts of nasty things way before anybody at the hosting company would even have a clue about what's going on. - Original Message - From: Doug White [EMAIL PROTECTED] Date: Wednesday, September 3, 2003 10:40 am Subject: Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? ) Probably correct, but any shared hosting provider would probably immediatelyclose your account upon the appearance of code such as that - All of them do have Terms of Service and a legitimate user will comply willingly. == Stop spam on your domain, use our gateway! For hosting solutions http://www.clickdoug.com Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf== If you are not satisfied with my service, my job isn't done! - Original Message - From: Matt Liotta [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 11:12 AM Subject: Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? ) | Whether cfobject is enabled or not doesn't affect the insecurity of a | CFMX installation for shared hosting. For example... | | cfscript | badThing = CreateObject(java, a.BadThing); | // is the same as... | foo = ; | clazz = foo.getClass(); | clazz = clazz.forName(a.badThing); | badThing = clazz.newInstance(); | /cfscript | | -Matt | | On Wednesday, September 3, 2003, at 11:40 AM, Oliver Cookson wrote: | | I know this has been covered before but has there been any solutions to | using CFObject in a shared host without creating a security hazard?| | Cheers | | -Original Message- | From: Ryan Kime [EMAIL PROTECTED] | Sent: 03 September 2003 16:36 | To: CF-Talk | Subject: RE: DWMX 2004 - Whats new for us? | | | That's a $10 a month difference and they list out versions they use. I | see that pricing as more agreeable for both sides and I think it's | great | that prices are coming down. | | There's a threshold where you start to lose money on every new customer| and I'm sure it's different for everyone. But I remember Dell got into | hosting and were offering $16.95 plans with CF. Guess how long that| lasted? About a year. And they are a huge company, so it makes me | wonder | about the smaller hosts and their ability to sustain at that level of | price vs. features without cutting corners. | | Just want to make sure people ask the right questions when they look | for | hosting. I look forward to seeing that BD hosting list. | | -Ryan | | -Original Message- | From: Massimo Foti [EMAIL PROTECTED] | Sent: Wednesday, September 03, 2003 10:15 AM | To: CF-Talk | Subject: Re: DWMX 2004 - Whats new for us? | | | There's no such thing as a free lunch | | I would be leery of *free* CF and SQL Server, both of those cost a | pretty penny and are not easy to cover without passing some of the | cost on to customers. It also makes me wonder why they use the term | FREE and not included when describing their plans. | | Which version of CF are they using? If it's Pro/Standard and not | Enterprise, | don't walk, but run away as fast as you can. | | Other companies offer low prices too: | | http://www.crystaltech.com/plan2.htm | | The quality is excellent, with SQL Server 2000 and CF 6.1 Enterprise| running on Win 2003. Hosting prices keep going down, not as fast as a | few years ago, but they are more affordable than ever | | | Massimo Foti | Certified Dreamweaver MX Developer | Certified Advanced ColdFusion MX Developer | http://www.massimocorner.com/ | | | | | | | ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
Matt Liotta wrote: I have been able to successfully create a trojan that can be invoked only using Java reflection such as below and easily installed into a CFMX instance. You mean as in uploaded a .jar and added it to the class path etc? Wouldn't that require write permissions to the JVM config file? Jochem ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
CFMX is more than happy to give you permission to change the classpath it uses. Matt Liotta President CEO Montara Software, Inc. http://www.MontaraSoftware.com (888) 408-0900 x901 ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
[EMAIL PROTECTED] wrote: An unscrupulous person could easily reformat a server's hard drive, kill databases, plant viruses, and do all sorts of nasty things way before anybody at the hosting company would even have a clue about what's going on. Not unless you are running CF as root/system. Jochem ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
Matt Liotta wrote: CFMX is more than happy to give you permission to change the classpath it uses. That is not my experience. If the CF MX base directory is configured to be read-only, CF MX will not write there. But with the current bug in the way sandboxes are inherited to lower directories, configuring CF MX that way is a bit problematic. Jochem ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
If you remove CFMX's ability to change the classpath then you would also remove my ability to change it. However, that is not the general configuration used by hosting companies. Matt Liotta President CEO Montara Software, Inc. http://www.MontaraSoftware.com (888) 408-0900 x901 ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
I don't see that as a vulnerability in my case - your mileage may vary. == Stop spam on your domain, use our gateway! For hosting solutions http://www.clickdoug.com Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases. ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf == If you are not satisfied with my service, my job isn't done! - Original Message - From: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 11:53 AM Subject: Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? ) | An unscrupulous person could easily reformat a server's hard drive, kill databases, plant viruses, and do all sorts of nasty things way before anybody at the hosting company would even have a clue about what's going on. | | - Original Message - | From: Doug White [EMAIL PROTECTED] | Date: Wednesday, September 3, 2003 10:40 am | Subject: Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? ) | | Probably correct, but any shared hosting provider would probably | immediatelyclose your account upon the appearance of code such as | that - All of them do | have Terms of Service and a legitimate user will comply willingly. | | == | Stop spam on your domain, use our gateway! | For hosting solutions http://www.clickdoug.com | Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all | databases.ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 | Suggested corporate Anti-virus policy: | http://www.dshield.org/antivirus.pdf== | If you are not satisfied with my service, my job isn't done! | | - Original Message - | From: Matt Liotta [EMAIL PROTECTED] | To: CF-Talk [EMAIL PROTECTED] | Sent: Wednesday, September 03, 2003 11:12 AM | Subject: Re: CFObject in shared host? (Was: RE: DWMX 2004 - Whats | new for us? ) | | | | Whether cfobject is enabled or not doesn't affect the insecurity | of a | | CFMX installation for shared hosting. For example... | | | | cfscript | | badThing = CreateObject(java, a.BadThing); | | // is the same as... | | foo = ; | | clazz = foo.getClass(); | | clazz = clazz.forName(a.badThing); | | badThing = clazz.newInstance(); | | /cfscript | | | | -Matt | | | | On Wednesday, September 3, 2003, at 11:40 AM, Oliver Cookson wrote: | | | | I know this has been covered before but has there been any | solutions to | | using CFObject in a shared host without creating a security | hazard?| | | Cheers | | | | -Original Message- | | From: Ryan Kime [EMAIL PROTECTED] | | Sent: 03 September 2003 16:36 | | To: CF-Talk | | Subject: RE: DWMX 2004 - Whats new for us? | | | | | | That's a $10 a month difference and they list out versions | they use. I | | see that pricing as more agreeable for both sides and I think it's | | great | | that prices are coming down. | | | | There's a threshold where you start to lose money on every new | customer| and I'm sure it's different for everyone. But I | remember Dell got into | | hosting and were offering $16.95 plans with CF. Guess how long | that| lasted? About a year. And they are a huge company, so it | makes me | | wonder | | about the smaller hosts and their ability to sustain at that | level of | | price vs. features without cutting corners. | | | | Just want to make sure people ask the right questions when | they look | | for | | hosting. I look forward to seeing that BD hosting list. | | | | -Ryan | | | | -Original Message- | | From: Massimo Foti [EMAIL PROTECTED] | | Sent: Wednesday, September 03, 2003 10:15 AM | | To: CF-Talk | | Subject: Re: DWMX 2004 - Whats new for us? | | | | | | There's no such thing as a free lunch | | | | I would be leery of *free* CF and SQL Server, both of those | cost a | | pretty penny and are not easy to cover without passing some | of the | | cost on to customers. It also makes me wonder why they use | the term | | FREE and not included when describing their plans. | | | | Which version of CF are they using? If it's Pro/Standard and not | | Enterprise, | | don't walk, but run away as fast as you can. | | | | Other companies offer low prices too: | | | | http://www.crystaltech.com/plan2.htm | | | | The quality is excellent, with SQL Server 2000 and CF 6.1 | Enterprise| running on Win 2003. Hosting prices keep going down, | not as fast as a | | few years ago, but they are more affordable than ever | | | | | | Massimo Foti | | Certified Dreamweaver MX Developer | | Certified Advanced ColdFusion MX Developer | | http://www.massimocorner.com
RE: CFObject in shared host? (Was: RE: DWMX 2004 - Whats new for us? )
File system access is not required for there to be a vulnerability. You can do things like grab sessions from other applications running on the same server and modify the sessions. Anyone running an e-commerce app on a shared host and using session variables is suceptible to tampering by someone else on the same server. http://tech.badpen.com/index.cfm?mode=entryentry=4 http://tech.badpen.com/index.cfm?mode=entryentry=3 http://www.rewindlife.com/archives/46.cfm CFMX4J2EE can protect against this using separate CF instances, but that's not usually offered by hosts. Sam -- Blog: http://www.rewindlife.com Chart: http://www.blinex.com/products/charting -- ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm