Dean,

I'll need to email you off list after the meeting. I naturally don't like sharing that stuff in the open for everyone to see. For everyone out there - needless to say, don't just depend on the CF level of security. Security should always include multiple layers. Otherwise it won't hold up very well.

John Mason
[EMAIL PROTECTED]
770.337.8363
www.FusionLink.com <http://www.fusionlink.com/> - ColdFusion and Flex hosting
Now offering ColdFusion 8 Enterprise hosting
FREE Subversion hosting

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe
Sent: Wednesday, August 01, 2007 3:17 PM
To: [email protected]
Subject: Re: [ACFUG Discuss] CF Service Account

Sandbox security is fine when it is backed up by OS-level security. What hack do you refer to? That's a new one on me.

-dhs

Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"[U]nconstitutional behavior by the authorities is constrained only by the peoples' willingness to contest them"
--John Perry Barlow

On Aug 1, 2007, at 3:12 PM, John Mason wrote:

There's some, but there's a known remote java class hack to get around it. I'm testing CF8 for this issue. BlueDragon doesn't have this issue by the way. For a lot of things sandboxing is certainly good if people would just use it ;) But if you have COM objects on and CF is running under the local service account. Which a lot of people do for some reason. You can pretty much do anything you want to a server. Taking CF off local service account achieves a lot of known security issues outright and it's easy to implement. That's why I jump on that whenever possible.

John Mason
[EMAIL PROTECTED]
770.337.8363
www.FusionLink.com <http://www.fusionlink.com/> - ColdFusion and Flex hosting
Now offering ColdFusion 8 Enterprise hosting
FREE Subversion hosting

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Arehart
Sent: Wednesday, August 01, 2007 2:59 PM
To: [email protected]
Subject: RE: [ACFUG Discuss] CF Service Account

No value in the resource/sandbox security? :-)

/charlie

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Saxon
Sent: Wednesday, August 01, 2007 2:05 PM
To: [email protected]
Subject: RE: [ACFUG Discuss] CF Service Account

Thank you John and Dean for your feedback. The CF script needs to write the contents of a web form to a folder on another server so that an application on that server can read in the form results.

-------------------------------------------------------------
Annual Sponsor - Figleaf Software <http://www.figleaf.com>
To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink <http://www.fusionlink.com>
-------------------------------------------------------------
