Web News

Court backs sale terms layout on web pages
The Supreme Court of Canada recently dismissed a class action suit against Dell launched in Quebec. The case has some useful observations about e-commerce. The issue arose from Dell's mistaken posting of incorrect low...

The Canadian Press signs on to use Nstein...
Media software company Nstein Technologies Inc. (TSXV:EIN) announced Monday it has signed a contract with The Canadian Press. Canada's national bilingual multimedia news agency, which delivers content to...

Technology Sales Outsourcing Company opens...
Intensify Sales, the tactical sales outsourcing company has opened an office in Toronto, bringing its highly effective sales outsourcing services to the technology companies in Canada. Founded in the UK, Intensify...

Electronic revolution reaches the courtroom
The woman, who wanted a restraining order against her estranged husband, was in High Level with her children. The husband's lawyer and the court staff were 300 km south of High Level in Peace River, which is no...

Yahoo delivers email-to-SMS service
Yahoo Mail has introduced an email-to-SMS service that allows users to send free text messages to mobile phone numbers and instant messages to users of Yahoo Messenger and Windows Live Messenger. The service...


08.28.07


Avoiding Those "Hidden" Features

By Raymond Camden

I've said more than once that folks should avoid using hidden, undocumented features in ColdFusion.

This warning applies especially to the
ServiceFactory.

Did you know that in ColdFusion 8 you can restrict access to the factory?

In the settings page there is a new option:

Disable access to internal ColdFusion Java components
Disables the ability for CFML code to access and create Java objects that are part of the internal ColdFusion implementation.

This prevents an unauthenticated CFML template from reading or modifying administration and configuration information for this server.

So what happens when this is enabled?

Consider this simple code:

<cfset monitor = createObject("java", "coldfusion.runtime.RequestMonitor") />


With the above option disabled, it runs fine, but when turned on, you will get:

Permission denied for creating Java object: coldfusion.runtime.RequestMonitor.

Access to Java objects in the ColdFusion package has been disabled by the administrator.

So just keep it in mind when developing.

I won't deny that I've used these internal objects myself in the past, but now I avoid them like the plague. Almost anything you need (almost) is available via the Admin API anyway.

Comments

About the Author:
Raymond Camden, ray@camdenfamily.com
http://ray.camdenfamily.com

Raymond Camden is Vice President of Technology for roundpeg, Inc. A long time ColdFusion user, Raymond has worked on numerous ColdFusion books and is the creator of many of the most popular ColdFusion community web sites. He is an Adobe Community Expert, user group manager, and the proud father of three little bundles of joy.
About DevWebProCanada
DevWebProCanada is for professional developers ... those who build and manage applications and sophisticated websites. DevWebProCanada delivers via news and expert advice New Strategies In Development.

DevWebProCanada is brought to you by:

SecurityConfig.com NetworkingFiles.com
NetworkNewz.com WebProASP.com
DatabaseProNews.com SQLProNews.com
ITcertificationNews.com SysAdminNews.com
LinuxProNews.com WirelessProNews.com
CProgrammingTrends.com ITmanagementNews.com


-- DevWebProCA is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2007 iEntry, Inc.  All Rights Reserved  Privacy Policy  Legal 
archives | advertising info | news headlines | free newsletters | comments/feedback | submit article


Delivering IT Solutions DevWebProCanada News Archives About Us Feedback DevWebProCanada Home Page About Article Archive News Downloads WebProWorld Forums Jayde iEntry Advertise Contact