Question
Application variable security
I get this notification from our security group this a.m.
that states, "Application variables need to be removed from CF
applications during the next release because these can be accessed
by any application running on the same box and pose a security
risk."
I have checked documentation and searched for anything that identifies this as a known issue or security risk for CF Applications. But, have found nothing on this.
Lets say there are three CFMX 7 Applications all running on the same server. We'll call them App_A, App_B, and App_C. If App_A assigns a value to an application variable (i.e., <cfset application.user_name="JDoe123">), is it then possible for App_B and/or App_C to then reference, use, and/or change App_A's application.user_name variable value?
Say by referring to the App_A application variable using syntax similar to this: <cfoutput>#App_A.application.user_name#</cfoutput>
I have checked documentation and searched for anything that identifies this as a known issue or security risk for CF Applications. But, have found nothing on this.
Lets say there are three CFMX 7 Applications all running on the same server. We'll call them App_A, App_B, and App_C. If App_A assigns a value to an application variable (i.e., <cfset application.user_name="JDoe123">), is it then possible for App_B and/or App_C to then reference, use, and/or change App_A's application.user_name variable value?
Say by referring to the App_A application variable using syntax similar to this: <cfoutput>#App_A.application.user_name#</cfoutput>
AdChoices