> My scenario:
>
> 1. Hosting multiple CF sites on a single NT server.
> 2. Partitions are in NTFS.
>
> I've come across users exploiting CFFILE and CFDIRECTORY
> to view other users' files.
>
> CFFILE and CFDIRECTORY are essential for some of my clients.
>
> Question: Is there any way I can strengthen my file system's
> security without disabling CFFILE and CFDIRECTORY?
You have a couple of options.

1. Use CF's Advanced Security. If properly implemented, you should be able
to lock down access to specific tags on a per-developer basis, if required.
As I understand it, this isn't foolproof, but should be sufficient for most
needs. The problem with Advanced Security is that the interface for setting
it up isn't very intuitive, and may take a while to figure out. Advanced
Security comes with CF Enterprise Edition.

2. Configure the CF server so that it doesn't run in the Local System
security context, which is the default. Then, you can limit read access on
files, so that the CF server only has execute rights. This will prevent
CFFILE from working. To make this relatively easy, you should use the new NT
file ACL security interface added in SP 4 or so, which allows you to get
very granular with ACL configuration, or better yet use a command-line ACL
tool like XCACLS.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
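The second option above hinges on the CF service account holding only execute (traverse) rights on the hosted site trees, so that CFFILE and CFDIRECTORY cannot read into another client's directory. The script below is an added audit example, not code from the original post or from Dave Watts; it walks each site root and reports any ACE that would still grant the service account read access, including grants made through broad groups such as Everyone or BUILTIN\Users, which are the usual way a "locked down" account quietly keeps read rights. The service account name CFSVC and the D:\Sites path are constructed assumptions.

```powershell
# Added audit example (not from the original post). Assumptions: the CF
# service has been reconfigured to run as the local account "CFSVC"
# (hypothetical name) and the hosted sites live under D:\Sites (constructed).

$ServiceAccount = "$env:COMPUTERNAME\CFSVC"   # hypothetical CF service account
$SiteRoot       = "D:\Sites"                  # constructed root of hosted sites

# Identities whose Allow ACEs effectively reach the service account: the
# account itself plus the well-known groups every local account belongs to.
$Principals = @(
    $ServiceAccount,
    "Everyone",
    "BUILTIN\Users",
    "NT AUTHORITY\Authenticated Users"
)

# ReadData is the bit that lets a process read file contents. Execute/traverse
# alone (ExecuteFile / Traverse) is what the post says the account should keep.
$ReadBit = [System.Security.AccessControl.FileSystemRights]::ReadData

function Test-SiteAcl {
    param([string]$Path)

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Principals -notcontains $ace.IdentityReference.Value) { continue }

        # FullControl, Modify, ReadAndExecute and Read all carry the ReadData bit.
        if (($ace.FileSystemRights -band $ReadBit) -eq $ReadBit) {
            [pscustomobject]@{
                Site      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = foreach ($site in Get-ChildItem -Path $SiteRoot -Directory) {
    Test-SiteAcl -Path $site.FullName
}

if ($findings) {
    # Each row is a directory the CF service can still read from, directly or
    # via a group; inherited rows point at the parent ACL that needs fixing.
    $findings | Format-Table -AutoSize
} else {
    Write-Host "No read grants to the CF service account found under $SiteRoot"
}
```

Run this after changing the service logon account and again after every ACL change; an `Inherited = True` row means the read grant flows from D:\Sites itself or higher, so removing it at the site folder alone will not hold.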