[thelist] CF: Determining which DB used.

.jeff jeff at members.evolt.org
Wed Sep 12 12:17:19 CDT 2001


raymond,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Raymond Camden
>
> > are you implying that there is additional information
> > hidden in the server scope that isn't documented?  if
> > not, could you clarify?
>
> As far as I know, no. Again, I _believe_ the reason
> was for ISP security.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

if there is no additional information that would be exposed by the server
scope being a valid structure i fail to see how doing so would be security
purposes.  after all, i can still access the values directly, right?  i just
can't do it using cfdump or looping through the structure.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> > unfortunately, you can't create a substruct under
> > server as server isn't a valid struct.  when you
> > attempt to create a substruct, you're really only
> > creating a variable with a dot in the name which
> > appears to be under the server scope, but is not.
>
> Not true. Do, <cfset server.foo = structnew()>
> <cfset server.foo.ray = 1> on page 1, then cfdump
> server.foo on page 2.  If I had only made a var
> called "server.foo", that wouldn't work.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

through testing, it indeed appears that foo is created in the server scope.
however, you can't test that it exists using StructKeyExists(server, "foo").
instead, you have to use an IsDefined() instead -- yuck.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> Can't say. You have to understand that a lot of this
> is still top secret, but more news will be out at DevCon.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

ugh, gotta wait *another* version, eh?

i would have hoped they would get it right with v5.0 with server and
variables scopes.  after all, i'm sure there was alot of effort put into
making form, url, and cgi variables into valid structures.  <question
type="rhetorical">why not just do the whole ball of wax and alleviate
potential developer concern and complaints?</question>

thanks,

.jeff

http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/






More information about the thelist mailing list