What permission combination allows a user to check permissions, but not
read, a file? And what tool do I use to set that perm?
thanks
< much snipped >
-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 02, 2000 12:05 PM
To: CF-Talk
Cc: '[EMAIL PROTECTED]'
Subject: RE: Ok, What is Fusebox?-- Reply to Peter
(re: Fusebox as security provider)
> First off this is mis-stated. One of the appealing points of
> fusebox is that you can lock down all of those function and
Without getting into another discussion of the merits of Fusebox as an
application development methodology, I have to point out that it doesn't
provide any additional security for your application.
going to use it.
3. Use NT security.
The CF server needs execute permissions. The IIS user needs to be able to
check file permissions. That's really all you need to enable. Note the lack
of "read" permissions for the IIS user. If you configure your server with a
minimal set of permissions, source code reading exploits will fail.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
