>If you run CF as SYSTEM, then every .cfm file is running within the
>most-privileged security context. This is potentially very bad, and usually
>unnecessary.
That is why they have sandbox security...
Mike Graf
DataPipe
-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Wed 8/14/2002 9:19 PM
To: CF-Server
Cc:
Subject: RE: Win2k and Users/ cfservice
> All directories that contain .cfm files, require SYSTEM
> permissions. This is set automatically when CF installs,
> but does not take care of the Inetpub directory.
I don't think that the CF install changes permissions on the filesystem; the
files placed on the system by the install simply inherit ACLs from parent
directories. If you've properly limited those ACLs, you'll have to manually
configure them correctly for the new files. As for .cfm file requiring
SYSTEM permissions, this is only true if you run CF as SYSTEM.
> All services should run under the SYSTEM account as
> well to avoid problems getting services to load and
> run.
Yikes! If you can run a service as a "regular" user, you're much better off
doing that than running it as SYSTEM, from a security perspective. With CF,
you can do this pretty easily; there's a technote on the MM site and an
article on defusion.com.
If you run CF as SYSTEM, then every .cfm file is running within the
most-privileged security context. This is potentially very bad, and usually
unnecessary.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
______________________________________________________________________
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
