Comments on: ColdFusion shared hosting and security

By: Sebastiaan

Sebastiaan — Wed, 10 Dec 2008 11:11:27 +0000

Jochem, could you convey the e-mail address of Ron to me, as it isn’t showing up on your blog Thanx!

By: “it could be bunnies” » Blog Archive » CF shared hosting security: Java, CFEXECUTE, COM, .NET and Java again

Tue, 09 Dec 2008 21:37:22 +0000

[...] the first part we have set the stage for this series: the goal is to protect one shared hosting customer from an [...]

By: Jochem

Jochem — Wed, 03 Dec 2008 16:01:59 +0000

Sebastiaan: my next posts will include some code samples that you can run against any environment you want.

Ron: I fixed your code comments.

By: Ron

Ron — Wed, 03 Dec 2008 13:52:11 +0000

Sebastiaan, I most certainly know that the CF environments of webstekker are anything but secure. I can easily list which other CF applications are on the same server and can then find out what their directories on the server are and simply alter their site.

Imagine what this would do

” />

And I can assure you it works. Email me if you want to know more.

By: Sebastiaan

Sebastiaan — Wed, 03 Dec 2008 11:50:14 +0000

Is this in retrospect of your comments that Webstekker is not a secure CF environment?

If you feel it is not, I’d like to know (and why)!!!

By: Jochem

Jochem — Wed, 03 Dec 2008 08:22:52 +0000

I’m not really sure I have anything useful to add about the ColdFusion Administrator in a shared hosting environment. I most certainly would not give access to it to any hosted customer.

By: Tjarko

Tjarko — Tue, 02 Dec 2008 09:10:49 +0000

Maybe add ColdFusion Admin control?? I’m still wondering how to incorporate that into a shared environment, and the why behind the API…