> That is why they have sandbox security...

That's all well and good, except that sandbox security isn't on by default, and even when you do use it, the potential exists for the service to do things that you wouldn't want to allow. There's no way around that - if the service runs as SYSTEM, then it is completely unfettered by the restrictions normally placed by the OS on user actions.
For an analogy, you just have to look at IIS. IIS runs as SYSTEM, but when it receives a request for an HTML page or the like, it impersonates a less-privileged user (typically IUSR_MACHINE) and processes the request as that user. That's very similar to the idea of sandbox security. However, nearly all of the public problems with IIS occur when it receives a malformed request, and executes the instructions within that request as SYSTEM - at that point, it's game over, man!

With IIS, you don't have a choice - it has to run as SYSTEM - so you simply remove all of the unnecessary functionality which breaks when processing these malformed requests. With CF, you do have a choice - you can run it as a less-privileged user. A general axiom of security is to use the least amount of privilege necessary.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
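The "run it as a less-privileged user" advice above is the kind of thing that is easy to agree with and easy to forget to actually do. The script below is an added example, not code from the original post or from Fig Leaf Software: it lists every Windows service still running as LocalSystem (the "completely unfettered" case), then moves one named service onto a dedicated local account and verifies the change took. The service display name and the account `.\cfuser` are assumptions; substitute whatever `Get-Service` shows on your box and an account you have already created.

```powershell
# Added example (not from the original post). Assumptions: a Windows host,
# a service whose display name matches $ServiceName (placeholder), and an
# existing local account $Account (hypothetical) that has already been granted
# the "Log on as a service" right and NTFS rights to the install and web roots.
param(
    [string]$ServiceName = 'ColdFusion Application Server',  # assumption
    [string]$Account     = '.\cfuser'                        # assumption
)

# 1. Audit: anything that logs on as LocalSystem runs with no OS restrictions
#    on user actions, which is exactly the situation the post warns about.
$systemServices = Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -eq 'LocalSystem' } |
    Select-Object Name, DisplayName, State, PathName
Write-Host "Services running as LocalSystem:"
$systemServices | Format-Table -AutoSize

# 2. Reconfigure the chosen service to start under the least-privileged account.
$svc = Get-CimInstance Win32_Service -Filter "DisplayName='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found; check Get-Service" }

$cred = Get-Credential -UserName $Account -Message "Password for $Account"
$pw   = $cred.GetNetworkCredential().Password

# Win32_Service.Change accepts StartName/StartPassword; ReturnValue 0 is success,
# 22 means the account name or password was rejected.
$result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
    StartName     = $Account
    StartPassword = $pw
}
if ($result.ReturnValue -ne 0) {
    throw "Change failed, Win32_Service.Change returned $($result.ReturnValue)"
}

# 3. Restart and confirm the service is no longer LocalSystem.
Restart-Service -Name $svc.Name
$after = (Get-CimInstance Win32_Service -Filter "Name='$($svc.Name)'").StartName
if ($after -eq 'LocalSystem') { throw "Service is still running as LocalSystem" }
Write-Host "$($svc.DisplayName) now starts as $after"
```

Two things the script deliberately does not do for you: it does not grant the account the "Log on as a service" right (if the restart in step 3 fails with a logon error, that is the first thing to check), and it does not adjust file permissions on the CF install or web root. Both are part of the same least-privilege exercise, and skipping them either breaks the service or quietly hands the new account more than it needs.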
