Yes, CF runs under Local System. So CF has full system access. That's the danger from the applications on the server. What about an external attack -- what could be done, specifically?
thanks,
Chris

On Wed, Sep 19, 2012 at 7:21 PM, Russ Michaels <[email protected]> wrote:
>
> This depends what permissions your cf service runs under, if you just
> installed as default then cf has full system access via java.
>
> Regards
> Russ Michaels
> On Sep 19, 2012 11:53 PM, "Chris" <[email protected]> wrote:
>
>>
>> So ... a client wants to know just how risky it is to temporarily
>> allow java.security.AllPermission ?
>>
>> It's clear it's not good, but how bad is it? What exactly could
>> someone do to a server that's behind firewalls and load balancers?
>>
>> thanks,
>> Chris
>>
>> Here's what they're asking about enabling:
>> \Jrun4\lib\jrun.policy
>> // to grant wide-open security access to all code, uncomment this line
>> // permission java.security.AllPermission;
>>

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352673
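An added example, not part of the original thread and not code from the posters or from Adobe: a Python check that reports which `grant` blocks in a Java policy file carry an active `permission java.security.AllPermission` line, skipping commented-out ones such as the line quoted from `jrun.policy`. The sample policy text and its `${app.home}` code base are constructed for illustration.

```python
import re

# A quoted string, a // comment, or a /* */ comment. Strings are matched first so
# that "//" inside a codeBase URL is not mistaken for the start of a comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)
GRANT = re.compile(r'\bgrant\b([^{]*)\{(.*?)\}\s*;', re.S | re.I)
PERM = re.compile(r'\bpermission\s+([\w.$]+)', re.I)
CODEBASE = re.compile(r'\bcodeBase\s+"@(\d+)"', re.I)

def find_all_permission(policy_text):
    """Return the scope of every grant block that actively grants AllPermission."""
    strings = []

    def mask(match):
        tok = match.group(0)
        if tok[0] != '"':
            return ' '                      # comment: drop it
        strings.append(tok[1:-1])           # string: park it so ${...} braces
        return '"@%d"' % (len(strings) - 1) # cannot confuse the block matcher

    masked = TOKEN.sub(mask, policy_text)
    findings = []
    for header, body in GRANT.findall(masked):
        cb = CODEBASE.search(header)
        scope = strings[int(cb.group(1))] if cb else "<all code>"
        if "java.security.AllPermission" in PERM.findall(body):
            findings.append(scope)
    return findings

# Constructed sample policy (not the real jrun.policy). The second block holds
# the commented-out line quoted in the thread.
SAMPLE = '''
grant codeBase "file:${app.home}/lib/-" {
    permission java.security.AllPermission;
};
grant {
    // to grant wide-open security access to all code, uncomment this line
    // permission java.security.AllPermission;
    permission java.util.PropertyPermission "*", "read";
};
'''

if __name__ == "__main__":
    print("as shipped:  ", find_all_permission(SAMPLE))
    # Simulate the change the client asked about: uncomment the line.
    print("uncommented: ", find_all_permission(SAMPLE.replace("// permission", "permission")))
```

A `grant` block with no `codeBase` applies to all code loaded by the JVM, which is why the uncommented line shows up with the `<all code>` scope.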

