> We run our web site on ColdFusion - and we have in-house
> programmers who are all Microsoft programmers (mostly VB
> and ASP). They are looking for a diagram of how IIS and
> ColdFusion interact - i.e. does IIS or OS security have
> a factor? is CF set up as a system account? are ColdFusion
> files recognized by IIS by file type? etc.
>
> Do any of you know where I might find a concise diagram or
> document that has this type of information for them?
I don't know of the existence of a specific document, but the answers are
pretty simple.
CF runs as a separate service, but it also integrates with IIS using an
ISAPI extension. The ISAPI extension runs in-process with IIS, just like the
ASP engine, and when a request is received that is mapped to the file
extension associated with the ISAPI extension (typically .cfm and .dbm,
although those can be changed in the IIS management console), the request is
forwarded to the CF service for processing.
IIS and NT security are used to determine whether the user can request the
file in the first place. This happens before the request is forwarded to the
CF service. So, you'll generally follow the same procedure for securing CF
applications with ACLs that you would with an ASP application.
CF, by default, runs as a service using SYSTEM privileges. You can change
this, though; instructions for doing this are available here:
http://www.defusion.com/articles/index.cfm?ArticleID=89
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
