> >
> > <http://www.macromedia.com/support/coldfusion/ts/documents/
> > tn17279.htm>
> > adequately describe what permissions need to be set for
> > CFMX, or is there a better set of instructions for CFMX?
>
> I never gave CF MX any additional registry permissions (au
> contraire, I removed quite a bit) and didn't have any problems.
That has been my experience also. In addition, you can be much more
stringent with filesystem permissions than that document says. There's no
need to grant full control to any directories, although it may be a bit
easier to do that with the \cfusionmx directory than to fiddle around with
more specific ACLs. You certainly don't have to grant full control to web
document directories, unless you plan to use CF to manipulate the filesystem
within those directories using CFFILE or the like.
> > Is there any advantage to running the two ODBC services
> > under a non-System account?
>
> Do you need ODBC at all?
In general, it's best not to run services as SYSTEM if you can avoid it. I
don't know of any SequeLink vulnerabilities, but that doesn't mean there
aren't any. But Jochem's right (as usual) - if you're not using MS Access or
ODBC datasources, you can just turn these two services off.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
