OK. So on CF5, what needs to be done to "properly secure a CF server" - against the evils of CFFILE, or anything else?
best, paul At 11:55 AM 1/30/03 -0500, you wrote: > > Yes true, on properly configured CF server, which as > > you know Dave, are not very common :-) > >Yes, which is why I feel compelled to harp on it so much, I guess. This is >especially true with CFMX - it's a lot easier to secure on Windows than CF 5 >was. You create a user, give the user the "log on as a service" right, give >it RWXD on the CFusionMX directory, give it read rights on your web >directory, configure the service to run as that user, and you're all set. >You can tighten it even further, but that's a good start. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ >voice: (202) 797-5496 >fax: (202) 797-5444 > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
