I currently run CF with a non-system account.
a) breaking current applications is certainly an issue. I have figured out how to set permissions that work for me (documented at http://www.defusion.com/articles/index.cfm?ArticleID=89) but, depending on what databases and other components you use, you may have to experiment.
b) new security holes: I regard using a non-system account as an overall security improvement, because someone who gets control of CF doesn't necessarily get control of the box. However, someone who gets control of CF may, in a non-system account situation, get some sort of access to other machines. Exactly what access they obtain depends on how you set up the account.
-Original Message-
From: Brian L. Wolfsohn [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 11:47 AM
To: CF-Talk
Subject: CFSERVER and security
At 12:48 PM 5/8/2001 -0400, you wrote:
Is this T: drive physically on your server, or is it on another server? If it is on another server, the CF Service must be run in the context of a user that would have access to that other server. Just because you can see the drive share doesn't mean CF can.
This response was originally part of a discussion on accessing files using cffile, and the need to run cfserver under a user account as opposed to the system account.
I'm concerned with the ramifications of running cfserver as a user account as opposed to the system account. Are there security issues that don't exist when it's run under the system account? We've got a pretty heavily used existing live box that has been running cfserver under the system account. I'm concerned about A: breaking existing applications and B: creating security holes that didn't exist before.
Any advice would be appreciated.
Brian L. Wolfsohn http://www.cus.com
CUS Business Systems Ft. Lauderdale, FL
Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]