Would be nice if the presumed scope of the article (CF Pages & its not-previously-public Azure-based implementation) was reflected in the title. Or mentioned closer to the beginning of the article to let a reader decide if the article is of interest to them.

Also Pages was facing criticism related to the long building environment allocation time. E.g. you start a build and get a report the build is effectively frozen (usually single digit minute delay) until the required resources have been allocated. In response, CF revamped the Pages building pipeline in order to cut the waiting time. This is currently available as non-public Beta, users can ask to join and start using it. Again, would be good to know if the article applies to the revamped building machinery or not. I didn't know the Pages GA builds use Azure and I don't know if the Beta builds keep using it.

Overall, Part 1 looks like a useful reminder that any piece of information supplied by a user should be treated as malicious until proven otherwise. And of course, limiting the scope of any privilege/right as tightly as possible is a must.