Here's how ya do it:
First: The deeper your web roots are the better.
In other words:
d:\firstdir\seconddir\clientswebroot
Second: On the 'd:', the 'firstdir' and the 'seconddir' set
ColdFusionService = NO ACCESS
Third: On other dirs on your server (i.e., c:\, c:\winnt, etc) set
ColdFusionService = NO ACCESS
Fourth: On the 'webroot' set ColdFusionService = full control
This way, the hosting users would have to know each user's webroot in order
to use CFFILE and CFDIRECTORY on them. The deeper you go the harder it is
going to be for anyone to guess. Also, by setting no access on the c:\ you
disallow CFFILE and CFDIRECTORY on them.
Basically, this configuration makes it harder for anyone to damage your
server.
John Cesta
http://www.cybersmarts.net
-------------------------------------------------
ColdFusion ASP and ActiveState PERL Hosting
--------------------------------------------
SearchIt PRO - IIS Logfile Management Software
www.serverautomationtools.com
-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 12, 2000 1:52 PM
To: '[EMAIL PROTECTED]'
Subject: RE: ISP's Headache: CFFILE
> So where do you find a decent explanation of security
> contexts and how to set them up?
There's some description in the Advanced CF Dev book from Que. I don't know
how thorough it is.
> Dave maybe a CFUG on this would be nice :)
I think it's in the queue.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
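
The four steps from the first message, written out as an added PowerShell example (not part of the original thread and not the poster's own script). It assumes the ColdFusion service runs under a dedicated local account named ColdFusionService and uses the post's sample path. Mapping 'NO ACCESS' to a non-inherited Deny FullControl entry on each folder is also an assumption.

```powershell
# Added example, not from the original thread. Run elevated; try -WhatIf first
# (it passes through to Set-Acl, so nothing is written).
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumed: a dedicated local service account with the name used in the post.
    [string]$Account = "$env:COMPUTERNAME\ColdFusionService",
    # Sample layout from the post.
    [string]$WebRoot = 'D:\firstdir\seconddir\clientswebroot',
    # "Other dirs on your server" from the third step.
    [string[]]$OtherDirs = @('C:\', 'C:\WINNT')
)

function Add-Rule {
    param([string]$Path, [string]$Type, [string]$Inherit)
    # Arguments: identity, rights, inheritance flags, propagation flags, Allow/Deny
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, 'FullControl', $Inherit, 'None', $Type)
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Steps 1-2: collect every ancestor of the web root (D:\, firstdir, seconddir).
$ancestors = @()
$dir = Split-Path -Path $WebRoot -Parent
while ($dir) {
    $ancestors += $dir
    $dir = Split-Path -Path $dir -Parent
}

# Steps 2-3: deny on the folder itself only. With inheritance 'None' the deny
# does not flow down into the web root, other clients' web roots, or system32,
# but the account can no longer list these folders to discover what is in them.
foreach ($p in $ancestors + $OtherDirs) {
    Add-Rule -Path $p -Type 'Deny' -Inherit 'None'
}

# Step 4: full control on the web root, inherited by its files and subfolders.
Add-Rule -Path $WebRoot -Type 'Allow' -Inherit 'ContainerInherit, ObjectInherit'

# Check: show the entries that now apply to the account on every touched path.
foreach ($p in $ancestors + $OtherDirs + $WebRoot) {
    (Get-Acl -LiteralPath $p).Access |
        Where-Object { $_.IdentityReference.Value -eq $Account } |
        Select-Object @{ n = 'Path'; e = { $p } }, AccessControlType,
                      FileSystemRights, IsInherited, InheritanceFlags
}
```

The account can still reach the web root through the denied parents only while it holds the "Bypass traverse checking" user right, which Windows grants to ordinary accounts by default.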