Risks in the Shared Environment
One benefit of ColdFusion is that it allows hosting providers to house several ColdFusion applications on the same server. This capability carries a number of inherent risks that come to light when several users have access to the same server. ColdFusion has many powerful features that can be used to control and manage the server, file system, and other network resources such as databases, and these features can be used maliciously unless access to them is appropriately restricted.
CFML-Based Risks
ColdFusion's language is filled with feature-rich functions and tags capable of accessing the system's hard drive, Registry, and network resources. Improper or malicious use of many of these tags and functions by unauthorized developers (or hackers) could compromise the server, thereby compromising the data of other sites hosted on the same box. To mitigate this risk, ColdFusion enables server administrators to restrict developer access to several tags and functions. See Chapter 9, "Creating Server Sandboxes."
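An added example, not from the original text: before restricting tags in a sandbox, a hosting provider can inventory which file system, Registry, and network tags each hosted application actually uses. The watch list, application names, and templates below are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed watch list: CFML tags that reach the file system, Registry, OS or network.
# Adjust it to match the tags your sandbox policy restricts.
RISKY_TAGS = {"cffile", "cfdirectory", "cfregistry", "cfexecute", "cfftp", "cfhttp"}
TAG_RE = re.compile(r"<(cf[a-z_]+)", re.IGNORECASE)  # opening tags only

def strip_cfml_comments(source):
    """Remove <!--- ... ---> comments, tracking depth because CFML comments nest."""
    out, depth, i = [], 0, 0
    while i < len(source):
        if source.startswith("<!---", i):
            depth, i = depth + 1, i + 5
        elif depth and source.startswith("--->", i):
            depth, i = depth - 1, i + 4
        else:
            if depth == 0:
                out.append(source[i])
            i += 1
    return "".join(out)

def risky_tag_usage(source):
    """Count watch-list tags that appear in live (uncommented) template code."""
    live = strip_cfml_comments(source)
    tags = (m.group(1).lower() for m in TAG_RE.finditer(live))
    return Counter(t for t in tags if t in RISKY_TAGS)

def audit(apps):
    """Map each application name to the sorted watch-list tags its templates use."""
    report = {}
    for app, templates in apps.items():
        found = Counter()
        for src in templates.values():
            found += risky_tag_usage(src)
        report[app] = sorted(found)
    return report

# Constructed sample templates for two hypothetical hosted applications.
SAMPLE_APPS = {
    "shop": {
        "upload.cfm": '<cffile action="upload" destination="#dest#">\n'
                      '<!--- old: <cfexecute name="zip"> <!--- nested ---> --->\n',
        "index.cfm": "<cfoutput>#now()#</cfoutput>",
    },
    "blog": {
        "admin.cfm": '<CFRegistry action="get" branch="#branch#" entry="x" variable="v">\n'
                     '<cfdirectory action="list" directory="#dir#" name="q">',
    },
}

if __name__ == "__main__":
    for app, tags in audit(SAMPLE_APPS).items():
        print(app, tags)
```

A per-application report like this shows which restrictions would break existing code and which tags can be disabled without impact.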
RDS-Based Risks
Another risk inherent to shared hosting environments concerns the security of the file system. ColdFusion RDS (Remote Development Service) is a powerful feature that lets users read and write to the file system, as well as work with system data sources. However, in a shared environment, it's unwise to allow developers of one application to have access to the files or databases of another application. One solution is to disallow (or disable) RDS access to the server and allow developers to access the server over FTP. This requires hosting providers to set up an FTP account for each application and specify its root as the application's Web root.