RE: [ACFUG Discuss] CF Service Account

2007-08-02 Thread Charlie Arehart
hen discussing locking down CF servers. /charlie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Mason Sent: Wednesday, August 01, 2007 4:58 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] CF Service Account The issue, as I remember, is ho

Re: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Dean H. Saxe
ion and Flex hosting Now offering ColdFusion 8 Enterprise hosting FREE Subversion hosting -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Saxon Sent: Wednesday, August 01, 2007 5:01 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] CF Service Ac

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread John Mason
n Behalf Of Rob Saxon Sent: Wednesday, August 01, 2007 5:01 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] CF Service Account Is there a document or web site with CF security best practices? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Maso

Re: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Dean H. Saxe
urity best practices? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Mason Sent: Wednesday, August 01, 2007 4:58 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] CF Service Account The issue, as I remember, is how JRun implements JAAS. Lib i

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Rob Saxon
Is there a document or web site with CF security best practices? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Mason Sent: Wednesday, August 01, 2007 4:58 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] CF Service Account The issue, as I

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread John Mason
r site and server John [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Wednesday, August 01, 2007 4:36 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] CF Service Account If you are using sandbox security, w

Re: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Dean H. Saxe
[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Wednesday, August 01, 2007 3:32 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] CF Service Account Well the point is really you can't secure what you don't know about. CF can be a very secure platform if you know how to secure

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread John Mason
[mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Wednesday, August 01, 2007 3:32 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] CF Service Account Well the point is really you can't secure what you don't know about. CF can be a very secure platform if you know how to secure

Re: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Dean H. Saxe
ng Now offering ColdFusion 8 Enterprise hosting FREE Subversion hosting From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Wednesday, August 01, 2007 3:17 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] CF Service Account Sandbox security is

Re: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Kevin
e hosting > FREE Subversion hosting > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe > Sent: Wednesday, August 01, 2007 3:17 PM > To: discussion@acfug.org > Subject: Re: [ACFUG Discuss] CF Service Account > > San

Re: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Dean H. Saxe
ean H. Saxe Sent: Wednesday, August 01, 2007 3:17 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] CF Service Account Sandbox security is fine when it is backed up by OS-level security. What hack do you refer to? That's a new one on me. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROT

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread John Mason
On Behalf Of Dean H. Saxe Sent: Wednesday, August 01, 2007 3:17 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] CF Service Account Sandbox security is fine when it is backed up by OS-level security. What hack do you refer to? That's a new one on me. -dhs Dean H. Saxe, C

Re: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Dean H. Saxe
o:[EMAIL PROTECTED] On Behalf Of Charlie Arehart Sent: Wednesday, August 01, 2007 2:59 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] CF Service Account No value in the resource/sandbox security? :-) /charlie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread John Mason
t Sent: Wednesday, August 01, 2007 2:59 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] CF Service Account No value in the resource/sandbox security? :-) /charlie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Saxon Sent: Wednesday, August 01, 2007 2:05

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Charlie Arehart
No value in the resource/sandbox security? :-) /charlie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Saxon Sent: Wednesday, August 01, 2007 2:05 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] CF Service Account Thank you John and Dean for your

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread John Mason
, August 01, 2007 2:05 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] CF Service Account Thank you John and Dean for your feedback. The CF script needs to write the contents of a web form to a folder on another server so that an application on that server can read in the f

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Rob Saxon
Sent: Wednesday, August 01, 2007 1:50 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] CF Service Account Dean said it and I completely agree. Be very careful not to use the default local system account for this or on an AD account. A web app really doesn't need high level permission

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread John Mason
usionlink.com/> - ColdFusion and Flex hosting Now offering ColdFusion 8 Enterprise hosting FREE Subversion hosting From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Saxon Sent: Wednesday, August 01, 2007 12:22 PM To: discussion@acfug.org Subject: [ACFUG Discuss] CF Serv

RE: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Charlie Arehart
Wednesday, August 01, 2007 12:25 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] CF Service Account CF should never be run as a high privileged account. Create a low privilege account and run CF under that account. Only allow CF permissions on the filesystem where they are absolutel

Re: [ACFUG Discuss] CF Service Account

2007-08-01 Thread Dean H. Saxe
CF should never be run as a high privileged account. Create a low privilege account and run CF under that account. Only allow CF permissions on the filesystem where they are absolutely required. Ensure CF does not have any administrative privileges if they are not used (like using to ed

[ACFUG Discuss] CF Service Account

2007-08-01 Thread Rob Saxon
By default the CF service runs as a System account. What is the best practice to allow this service to access all areas of the web server and other server shares? Here are some ideas I considered: Scenario 1: Creating a domain account for the service that belongs to the local Admin group fo