Scott Mulholland wrote: >I was involved in a discussion earlier today about the feasibility of >building a control panel like solution to allow for users to maintain items >like domains, emails, etc. (think cpanel) on the linux platform. Not being >a linux person myself I was trying to find resources speaking to the >following: > > > >- Is there a way for cold fusion to have root level access without >being run under the root user? i.e. some way to mimic the permissions. > > > yes, cold fusion has the ability to create files even as a non root user. On Linux systems, could fusion could be used to write Linux shell scripts. From there, you can have a root cron job that runs the shell scripts as root.
> > >- If no, what are the explicit security concerns, if any, of allowing >cold fusion to run under root > > > > There are always security concerns when running anything as root, but if the project is seen by several people, and evaluated for security issues by several, knowledgeable developers, the chances of a security hole diminish. >- Are these items things that can actually be accessed and scripted >via cold fusion. > > > > yes. Cold fusion can be programmed to filter dangerous content. Many CFers already do this with user input, so it's nothing new. >Anyone have any good articles that would address this, google isn't coming >back with much for me. > > > > You've probably just accessed the best resource for this... (A CF-based mailing list) where do you think google gets half it's useful content. ;) >Thanks, >Scott > > > I like the idea of a Cold Fusion based control panel, and I made one using the strategy outlined above before I worked for Vivio. The project was developed for the Community College I was working for, and was made open source here: https://sourceforge.net/projects/wwccwebmanager/ Unfortunately, the site only hosts version 1.1 and 1.0. There was a 1.2 which was vastly more user friendly, etc, but I was unable to get that on SF before I quit to join Vivio. The project was released under the GPL, so you're welcome to take a look at it. -- Warm regards, Jordan Michaels Vivio Technologies http://www.viviotech.net/ [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:210281 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
