> It could be, even if the users do not log in, they have a
> default user account, ISSR_USER or something like that on
> Windows systems, and even this default basic user often has
> more permissions than the default system user that the CF
> service runs under.

There are two problems with that theory. First, when you use CFSCHEDULE or
CFHTTP, the CF server simply sends an HTTP request to your web server. If
you don't provide a username and password, and none is needed for that URL,
IIS will use the anonymous login to authenticate against the OS. So, that
shouldn't make any difference. Second, the anonymous login account
(IUSR_WHATEVER) is a guest account and has very few privileges by default.
CF, on the other hand, runs as SYSTEM by default, which is a very privileged
local security context. As long as CF doesn't require any resources
elsewhere on the network, SYSTEM is as privileged as you can get!

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444