Someone posted a message on cf-talk today that quickly mushroomed into a discussion on shared hosting and the related security risks. There is nothing wrong with shared hosting, and for many applications shared hosting may be the right choice (due to the low cost). But such an environment does have inherent security risks, and it is important to understand them.
Unless you are running ColdFusion on top of a J2EE server (more on that in a moment), computers run a single copy of ColdFusion. This is true of all versions of ColdFusion, starting with CF1 all the way through CFMX.
What does this mean? Several things. For starters, the performance of any application is affected by the performance of every other: if someone were to write really bad CF code that slowed his or her application, your application would suffer too. In addition, settings are shared (debugging settings, caching settings, timeouts, global error handlers, etc.). This will likely mean that when you ask for a CF Admin setting to be changed for you, you’ll be told “no”. Furthermore, when an update or service pack comes out, you’ll probably have to wait to be able to use it – your ISP will generally need to be extremely conservative when it comes to making any configuration changes. And you can forget asking for a service to be restarted when the need arises.
All of these may or may not be valid concerns, but they are not the really big concern. The really big concern is security. On a shared box resources are shared. Data sources defined for one application may be used by another. Files and directories belonging to one application may be accessed by anyone with access to
At a high level there are two ColdFusion features that can help with the problem, or rather, can help with different parts of the problem. One option is to disable the use of “dangerous” tags. I know of lots of ISPs who do not allow the use of
Beyond all this, there is another risk, and there is no solution for this one in a shared hosting environment. As already said, all applications share the same ColdFusion. Stuff in the SERVER scope (which you generally should not be using anyway) is shared by all applications. Stuff in APPLICATION is shared by all instances of the same
Having said all this, shared hosting is not a bad thing, but it is inherently risky (this has nothing to do with CF; if you were using ASP or PHP or Perl or whatever, it would be just as risky). Sites that need high security, high availability and complete control should not be using shared hosting; they need dedicated hosting. In the past this meant a dedicated box, but this is not the case anymore. Using ColdFusion on top of a J2EE server, it is now possible to have multiple instances of ColdFusion on the same box. For the right clients and applications, this is the only really safe way to implement shared hosting.