I recon Boothroyd's metod is the way to go.
Since I've disabled READ (ACL) for EVERYONE on most of my client's cfm files
,but with CFFILE, those bad developers from the clients are still able to
write into other client's virtual directory.
On the other hand, starting CF server using a seperate user account may be
interesting, how that can be done ? login NT using that particular user acc
and execute CFSERVER?
thanks
repins
-----Original Message-----
From: Boothroyd, Charles J [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 12, 2000 11:19 PM
To: '[EMAIL PROTECTED]'
Subject: RE: ISP's Headache: CFFILE
Put the CFFILE and CFDIRECTORY programs (.cfm) into a sub or separate
directory and use NT authentication on that directory.
> -----Original Message-----
> From: Consultant [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, September 12, 2000 12:39 AM
> To: [EMAIL PROTECTED]
> Subject: ISP's Headache: CFFILE
>
> Hi:
>
> This is the first time I'm writing to the list, there is something I would
> like you nice people out there to help.
>
> My scenario:
>
> 1. Hosting multiple CF sites on a single NT server.
> 2. Partitions are in NTFS.
>
> I've came across user exploiting the CFFILE and CFDIRECTORY to view other
> users' file.
>
> CFFILE and CFDIRECTORY are essential for some of my clients.
>
> Question: Is there any way I can strengthen my file system's security
> without disabling CFFILE and CFDIRECTORY ?
>
>
> Thanks in advance!
>
>
> regards,
>
> Repins
>
>
> --------------------------------------------------------------------------
> ----
> To unsubscribe, send a message to [EMAIL PROTECTED] with
> 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
----------------------------------------------------------------------------
--
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
