Run it as a user, give that user access only to CF and any other paths you
need, such as the system temp folder.
Each web site runs under its own user account, that has access only to its
own folder plus required system folders.

Russ

-----Original Message-----
From: Rey Bango [mailto:[EMAIL PROTECTED] 
Sent: 23 August 2005 07:45
To: CF-Talk
Subject: Re: Symantec AntiVirus for Dedicated Web Server...

Dave,

What are your best practices for setting up CF? What perms do you assign?
What groups do you assign the user which CF runs under to?

Rey...

Dave Watts wrote:
>>Are you talking about permissions here? Disk permissions or some type 
>>of IIS permissions? In any case, if you are running windows, most 
>>services run under a system account (although this has changed in 
>>windows 2003), and the system account usually has access to execute in 
>>any directory. So if you buffer overrun the service, then you can 
>>execute the files wherever they are. Even if it's linux, you can 
>>probably run a chmod on the files beforehand, and then execute, so 
>>permissions are not going to help you much...
> 
> 
> This is why it's so important not to run CF or similar services as SYSTEM.
> If I can run unauthorized code on your machine as SYSTEM, it's not your
> machine any more - it's mine. Filesystem access is irrelevant at that
> point.
>  
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> 


