Re: [DFW CFUG] Re: CF Security Question

Fri, 08 Sep 2006 09:44:07 -0700

Thanks for responding, Tom. I appreciate knowing how others are running their CF servers. I may just suggest a domain user instead of admin. Does anyone know if what Tom is doing here is pretty much standard or does anyone else set theirs up differently?

Chris

Tom Woestman wrote:

Chris,

 

We run CF as a domain user to ensure it has the ability to access network shares but definitely not as a domain admin.  The domain user is only needed if you are accessing resources outside the system itself (other than databases).  I would recommend moving access back to a domain user rather than admin if you are confident that user will have access to all resources needed.

 

If you don’t need to access outside resources then the standard system user is a good choice as that reduces the risk of a compromised system attacking other systems.

 

Tom Woestman

 

p.s.  I am not an expert in this area so please take this with the corresponding chunk of salt

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher Jordan
Sent: Friday, September 08, 2006 8:29 AM
To: Dallas/Fort Worth ColdFusion User Group Mailing List
Subject: [DFW CFUG] Re: CF Security Question

 

Does anyone have thoughts on this?

Christopher Jordan wrote:

Hi folks,

The IT director at the client I'm working for right now, is trying to tighten down security, and he wants to change the privileges on the account that the CF services currently use. However, a long while back when my company first got this client and they didn't know ColdFusion from a hole in the ground, there were problems using an account with limited privileges. The IT director at the time, couldn't figure it out and his solution was to make the account a domain admin.

Are domain admin privilages overkill? Can anybody tell me what the minimum access privileges are for the account that the ColdFusion services use?

Many thanks,
Chris


_______________________________________________
Reply to DFWCFUG: 
  [email protected]
Subscribe/Unsubscribe: 
  http://lists1.safesecureweb.com/mailman/listinfo/list
List Archives: 
    http://www.mail-archive.com/list%40list.dfwcfug.org/             
  http://www.mail-archive.com/list%40dfwcfug.org/
DFWCFUG Sponsors: 
  www.HostMySite.com 
  www.teksystems.com/
  



_______________________________________________
Reply to DFWCFUG: 
  [email protected]
Subscribe/Unsubscribe: 
  http://lists1.safesecureweb.com/mailman/listinfo/list
List Archives: 
    http://www.mail-archive.com/list%40list.dfwcfug.org/             
  http://www.mail-archive.com/list%40dfwcfug.org/
DFWCFUG Sponsors: 
  www.HostMySite.com 
  www.teksystems.com/

Reply via email to