---- Dave Watts <dwa...@figleaf.com> wrote: > In the case where everything's locked down by default, nothing works, > and admins need to learn how to remove security to allow access to a > web application.
This reminds me of finding a scientific server where everyone in the department was an administrator. When I asked about why the heck everyone was in the administrators group, the people told me the specialized software wouldn't work if a user wasn't in the administrators group. My assumption was all they needed was access to a temp folder, but I wasn't in the position to go all crazy on them. Hey, but it worked! Academic software developers aren't always concerned with security. So, I'm not sure locking down initially would help that much since many unaware installers would just undo all the security to make it work. How do other enterprise middleware systems do it? -- LinkedIn: http://www.linkedin.com/pub/roger-austin/8/a4/60 Twitter: http://twitter.com/RogerTheGeek Blog: http://RogerTheGeek.wordpress.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358122 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm