At 01:40 PM 8/3/00 , you wrote:
Dave,
As always, thanks for the wealth of information, explained clearly...
Your comments raise a simple question:
>2. Remove the right to read files from whatever user the CF server is
>running as (typically SYSTEM). All CF needs to be able to do is execute.
I presume this will not affect reading the contents of a file with
cffile/read ??
>Again, both of these are things that you should already be doing on NT
>production web servers! If you do these things, you won't have to worry
>about the vast majority of IIS "exploits".
Brian L. Wolfsohn http://www.cus.com
CUS Business Systems Ft.Lauderdale,FL
Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
