[thelist] Cold Fusion

Joshua Olson joshua at waetech.com
Fri May 14 21:18:00 CDT 2004


> -----Original Message-----
> From: thelist-bounces at lists.evolt.org
> [mailto:thelist-bounces at lists.evolt.org]On Behalf Of Adrian Gonzales
> Sent: Friday, May 14, 2004 9:54 PM
>
> >> Things like Custom Tags, CFC's, etc are all global to all hosted
> sites.
>
> I don't think that CFCs are global to the whole server, and if so, you
> can make CFCs restrict their own access to components that list
> themselves as extensions.

Adrian,

Okay.  Thanks for the clarification.

> >> You cannot allow file manipulation only within the webroot
>
> I'm almost positive that Sandbox Security in CFMX fixes that problem. If
> not, you can disable CFFILE and CFDIRECTORY, then implement the CF_FILE
> and CF_DIRECTORY custom tags. That goes back to what someone said about
> work-arounds for bugs.

I'm not clear how these two custom tags would operate in the absence of
cffile and cfdirectory?  Care to elaborate.

> >> Datasources are accessible to all sites.. sure you can make it so
> that each site needs to use a password to access the datasource, but
> then you have to pass the password with each query...
>
> Whats the difference between this and PHP? You have to give a
> username/password to access the database anyway right? If you do things
> right and make global parameters for that info, its not a big deal.

With CF, this is not always necessary.  You can define datasources in cf
administrator for use on pages.  The authentication information is entered
in through the admin and therefore all you have to do is reference the
datasource by it's name you assigned in the cf admin.  This is wonderful for
trusted sites on a dedicated box.  But, when you move into a hosted
environment, you cannot really use this technique.

<><><><><><><><><><>
Joshua Olson
Web Application Engineer
WAE Tech Inc.
http://www.waetech.com/service_areas/
706.210.0168




More information about the thelist mailing list