Comments on: ColdFusion shared hosting security and databases http://jochem.vandieten.net/2009/01/05/coldfusion-shared-hosting-security-and-databases/ Jochem's tech exploits Tue, 09 Jun 2026 10:23:15 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Leigh http://jochem.vandieten.net/2009/01/05/coldfusion-shared-hosting-security-and-databases/comment-page-1/#comment-898 Leigh Sat, 14 Nov 2009 02:35:04 +0000 http://jochem.vandieten.net/?p=88#comment-898 Re: "The way to decrypt these passwords is well known" .. and apparently still works in ColdFusion 9. Re: “The way to decrypt these passwords is well known” .. and apparently still works in ColdFusion 9.

]]> By: “it could be bunnies” » Blog Archive » Shared hosting security wishlist http://jochem.vandieten.net/2009/01/05/coldfusion-shared-hosting-security-and-databases/comment-page-1/#comment-157 “it could be bunnies” » Blog Archive » Shared hosting security wishlist Tue, 06 Jan 2009 20:26:42 +0000 http://jochem.vandieten.net/?p=88#comment-157 [...] « ColdFusion shared hosting security and databases [...] [...] « ColdFusion shared hosting security and databases [...]

]]> By: Jochem http://jochem.vandieten.net/2009/01/05/coldfusion-shared-hosting-security-and-databases/comment-page-1/#comment-155 Jochem Tue, 06 Jan 2009 09:12:50 +0000 http://jochem.vandieten.net/?p=88#comment-155 As I explained in <a href="http://jochem.vandieten.net/2008/12/09/cf-shared-hosting-security-java-cfexecute-com-net-and-java-again/" rel="nofollow">an earlier post</a> giving people the option to instantiate Java objects amounts to giving them the password to the ColdFusion Administrator. Who cares that you can enumerate the list of datasources using Java, when you can simple overwrite the password.properties file and force ColdFusion to read the new version by restarting JRun through CreateObject("java", "java.lang.runtime").getRunTime().halt()? As I explained in an earlier post giving people the option to instantiate Java objects amounts to giving them the password to the ColdFusion Administrator. Who cares that you can enumerate the list of datasources using Java, when you can simple overwrite the password.properties file and force ColdFusion to read the new version by restarting JRun through CreateObject(”java”, “java.lang.runtime”).getRunTime().halt()?

]]> By: Freelance Web Developer http://jochem.vandieten.net/2009/01/05/coldfusion-shared-hosting-security-and-databases/comment-page-1/#comment-153 Freelance Web Developer Mon, 05 Jan 2009 22:46:28 +0000 http://jochem.vandieten.net/?p=88#comment-153 What about something like this to get all of the datasources? /** * Gets a list of DSNs. * * @return Returns an array. * @author Raymond Camden (ray@camdenfamily.com) * @version 1, November 15, 2002 */ function getDSNs() { var factory = createObject("java","coldfusion.server.ServiceFactory"); return factory.getDataSourceService().getNames(); } From there you can make a cfquery and go to town. What about something like this to get all of the datasources?

/**
* Gets a list of DSNs.
*
* @return Returns an array.
* @author Raymond Camden (ray@camdenfamily.com)
* @version 1, November 15, 2002
*/
function getDSNs() {
var factory = createObject(”java”,”coldfusion.server.ServiceFactory”);
return factory.getDataSourceService().getNames();
}

From there you can make a cfquery and go to town.

]]>