> It's not CF that doesn't support on-the-fly decrypting, it's
> the web server. IIS just shoves the .cfm file to the CF parser
> sight unseen. Of course CF chokes on the encrypted file - it
> looks like garbage to the CF server.  Same with ASP, Perl,
> Tango, what have you.
>
> MS would need to build support for on-the-fly decryption into
> IIS.  I hope they don't, as it would incur far too much overhead.
> What seems to be transparent to you when using MSWord or something
> becomes a huge issue when multiplied by thousands of page hits.

That's not exactly how Win2K's EFS works. It's built into NTFS, essentially,
so that if you're the user who encrypted the file in the first place, when
you request the file, it will automatically be decrypted for you. This
applies whether you're an interactive user, or a user account used by a
service. To use EFS with a service, you simply have to run the service as a
specific user, instead of the local system context. For services that
provide impersonation, like IIS, the user of the service will have to be the
one who encrypted the file in the first place.

> The real issue here is why would you want to use that form of
> encryption anyway? With the proper permissions set on NT, your
> code is safe.

That's right. EFS is not intended for use in this context. It's designed
mostly for mobile users, who might have critical files on their laptop.
Without EFS, once your laptop is stolen, the bad guy could install another
copy of NT or Win2K on it, then use administrative rights to take control of
the files. With EFS, the bad guy would either need to know the original
user's account and password, or the specific admin account reserved for data
retrieval, which in a Win2K domain environment would be a domain account.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
