> appears that "Users" do have permission to read/execute the
> extension. I assume you mean they should have that permission,
> right?
Yes, you should set the permissions on that file so that "Authenticated
Users" have read/execute rights. Note that "Authenticated Users" isn't the
same group as "Users". The former is a contextual group, like "Everyone";
anyone who successfully authenticates is a member of the group. The IIS
anonymous user isn't a member of "Users" by default, but will be a member of
"Authenticated Users".
> Would that affect the serving of non-CF files, though? The
> problem applied to .htm, .gif, you name it.
With CFMX on IIS, yes, it will affect everything by default. All requests go
through the CFMX ISAPI filter (or ISAPI wildcard extension on IIS 6), even
if they're not requests for .cfm files. This allows the execution of
arbitrary servlets like the Flash Remoting gateway. You can disable this if
you like, by removing the CFMX ISAPI filter and leaving the CFMX ISAPI
extension in place.
> Specifically, Dave, have you ever encountered a problem like
> this after changing the Login account for CFMX from System to
> a less-privileged User? (I ask since you've addressed
> changing the Login many times in the past.) The problem
> didn't occur immediately after that change; but that change
> was the last modification made on that server prior to the
> problem.
I've encountered a bunch of problems almost every time I change user
authentication for any service, but these are generally easy to identify and
fix. I'm not sure if your problem was related to that, though. I generally
have no problem running CF as a specific user with very few privileges, once
I work my way through troubleshooting permissions issues.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
