> Talked to a .Net guy on Friday and he told me about a security > issue with running CFMX and .Net on the same box. > > Here's what he said... > > 0000000000000000000 > > Hi Candace, I was mainly referring to chatter in the forums > from ISP / Web Hosting companies. It seems that the issues > are mostly related to hosting multiple client sites on a > single IIS server. So, the issue may not be a problem for > you. I believe the issue was the IUSER_SERVER and IWAM_SERVER > accounts had to be given Admin rights for ASP.NET and CFMX > to co-exist. > 0000000000000000000 > > Anyone come across this and if so, is there a fix?
I have not encountered this, after setting up several servers with both ASP.NET and CFMX, and with multiple virtual servers. Typically, on each of those virtual servers, I set them up so that only one or the other would be enabled. If you've followed CF configuration best practices with IIS by running ISAPI extensions in-process (the "Low" application isolation setting), the IWAM_ account won't be used by CF, only the IUSR_ account. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4