Security by obscurity is not a good mechanism... let everyone see.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"What is objectionable, what is dangerous about extremists is not
that they
are extreme, but that they are intolerant."
-- Robert F. Kennedy, 1964
On Aug 1, 2007, at 3:24 PM, John Mason wrote:
Dean, I'll need to email you off list after the meeting. I
naturally don't
like sharing that stuff in the open for everyone to see.
For everyone out there - needless to say, don't just depend on the
CF level
of security. Security should always include multiple layers.
Otherwise it
won't hold up very well.
John Mason
[EMAIL PROTECTED]
770.337.8363
www.FusionLink.com - ColdFusion and Flex hosting
Now offering ColdFusion 8 Enterprise hosting
FREE Subversion hosting
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean
H. Saxe
Sent: Wednesday, August 01, 2007 3:17 PM
To: [email protected]
Subject: Re: [ACFUG Discuss] CF Service Account
Sandbox security is fine when it is backed up by OS-level security.
What hack do you refer to? That's a new one on me.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"[U]nconstitutional behavior by the authorities is constrained
only by the
peoples' willingness to contest them"
--John Perry Barlow
On Aug 1, 2007, at 3:12 PM, John Mason wrote:
There's some, but there's a known remote java class hack to get
around it.
I'm testing CF8 for this issue. Bluedragon doesn't have this issue
by the
way. For a lot of things sandboxing is certainly good if people
would just
use it ;)
But if you have COM objects on and CF is running under the local
service
account. Which a lot of people do for some reason. You can pretty
much do
anything you want to a server. Taking CF off local service account
achieves
a lot of known security issues out right and it's easy to
implement. That's
why I jump on that whenever possible.
John Mason
[EMAIL PROTECTED]
770.337.8363
www.FusionLink.com - ColdFusion and Flex hosting
Now offering ColdFusion 8 Enterprise hosting
FREE Subversion hosting
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Charlie Arehart
Sent: Wednesday, August 01, 2007 2:59 PM
To: [email protected]
Subject: RE: [ACFUG Discuss] CF Service Account
No value in the resource/sandbox security? :-)
/charlie
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Saxon
Sent: Wednesday, August 01, 2007 2:05 PM
To: [email protected]
Subject: RE: [ACFUG Discuss] CF Service Account
Thank you John and Dean for your feedback. The CF script needs to
write the
contents of a web form to a folder on another server so that an
application
on that server can read in the form results.
-------------------------------------------------------------
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @
http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
-------------------------------------------------------------
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @
http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
-------------------------------------------------------------
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @
http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
