** Private ** wrote: > Can you please explain this to me: > >> IIS needs to be run as a privileged user, Apache doesn't. Due to this >> simple fact, IIS is inherently less secure. If Apache gets compromised, >> you get the Apache account. If IIS gets compromised, you get the >> server. > > I don't know Apache at all. > > However, there are multiple users that "run" IIS 6.0 - or are we > talking IIS 5.0?
Whichever you want. > Do you mean the anonymous account - IUSR_MACHINENAME > Or the default IIS 6.0 application pool identity - NETWORK SERVICE > Or the default IIS 5.0 COM+ Medium/High User Isolation Mode - > IWAM_MACHINENAME > > I'm not quite sure what you mean by "privileged account". An account with privileges a normal account does not have. The most obvious privilege is the privilege to start processes under a different user account. > How does APACHE work in this regard? Apache is just an executable like any other executable. It runs as whatever you started it with whatever you gave it, and that is it. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:227156 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5
