I currently run CF with a non-system account.

a) breaking current applications is certainly an issue. I have figured out how to set permissions that work for me (documented at http://www.defusion.com/articles/index.cfm?ArticleID=89) but, depending on what databases and other components you use, you may have to experiment.
b) new security holes: I regard using a non-system account as an overall security improvement, because someone who gets control of CF doesn't necessarily get control of the box. However, someone who gets control of CF may, in a non-system account situation, get some sort of access to other machines. Exactly what access they obtain depends on how you set up the account.

> -----Original Message-----
> From: Brian L. Wolfsohn [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 07, 2002 11:47 AM
> To: CF-Talk
> Subject: CFSERVER and security
>
> At 12:48 PM 5/8/2001 -0400, you wrote:
>
> >Is this "T:" drive physically on your server, or is it on another server? If
> >it is on another server, the CF Service must be run in the context of a user
> >that would have access to that other server. Just because you can see the
> >drive share doesn't mean CF can.
>
> This response was originally part of a discussion on accessing files using
> cffile, and the need to run cfserver under a user account as opposed to the
> system account.
>
> I'm concerned with the ramifications of running cfserver as a user account
> as opposed to the system account. Are there security issues that don't
> exist when it's run under the system account? We've got a pretty heavily
> used existing live box that has been running cfserver under the system
> account. I'm concerned about A: breaking existing applications and
> B: creating security holes that didn't exist before.
>
> Any advice would be appreciated.
>
> Brian L. Wolfsohn http://www.cus.com
> CUS Business Systems Ft.Lauderdale,FL
> Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]