So I just had a random, stray thought. One thing I've done in the past is sniff the current server to determine behavior aspects of my site. So for example, my error handler may do something like this:
<cfif findNoCase("dev.", cgi.server_name)>
Something went wrong. Quick - reboot the Tandy.
While this works nice, I just ran across a problem with it. If you hit this file on my site:
You will see I print out cgi.server_name. Now if you go into your HOSTS file and do:
And then hit the file with:
You will notice that the CGI variable now says baloneypants. No big surprise there I guess. But obviously if I knew your code did this, and if I added dev.x.com for x.com, I could use it as a way to "sniff" out differences based on that CGI variable.
Unfortunately I can't think of a nice solution. Sniffing the servername is a handy way to dynamically load settings based on environment. If you can't trust cgi.server_name than you need to do something else - like perhaps sniff something on the machine itself.