> cfcontent because the cfcontent tag itself is running in the
> Web server process, not the CF process. If you are running
> Apache, you can change the Apache service's permissions to
> access the resource and it will work.
>
> If you are running IIS, you are basically out of luck. I've
> tried to get IIS running with something other than local
> system permissions, even used an MS engineer to try to make
> it work, but we never got it running right.
IIS 5 must run as SYSTEM. The underlying reason for this is that it needs to
be able to impersonate other users, which is only allowed to security
contexts which run as part of the operating system. This is essential to the
security model of IIS, which is tightly integrated with Windows' own
security - every request is handled using the rights of a specific user; in
the case of anonymous requests, the "IUSR_" account is used, while in the
case of authenticated requests, the specific Windows account in question is
used. To the best of my knowledge, you simply can't do that with other web
servers on Windows.
In Windows Server 2003, the ability to impersonate other users is a separate
privilege, and IIS 6 can run as a user with this privilege. Windows Server
2003 also provides a security context to allow network access to services,
if I recall correctly.
However, if you're using earlier versions of Windows, you should be able to
allow anonymous access to network resources by using null sessions, and the
SYSTEM security context of your web server should then be able to connect to
those resources:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q289655
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
