It is considered a good security practice to not run application servers as
nobody. Basically you want to limit what can be done by the application
server user. Remember that anything the application server user can do, so
can any hacker that may exploit your server.
Another important reason for giving Cold Fusion a valid user account is for
testing purposes. You can login as that user and attempt to run 3rd party
software that may be accessed from Cold Fusion. For instance you can run SQL
Plus as the same user that Cold Fusion would. If for some reason you can't
run SQL Plus as that user then Cold Fusion certainly won't be able to
connect to Oracle.
-Matt
> -----Original Message-----
> From: Ryan [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 14, 2001 2:02 PM
> To: CF-Linux
> Subject: RE: Using MERANT oracle 8 client under linux [resolved]
>
>
> At 12:12 2/14/01 -0800, you wrote:
> >I would highly recommend against running Cold Fusion as nobody.
>
> No particular reason?
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
