servers.
/charlie
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Mason
Sent: Wednesday, August 01, 2007 4:58 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] CF Service Account
The issue, as I remember, is how Jrun implements JAAS. Lib
CF should never be run as a high privileged account. Create a low
privilege account and run CF under that account. Only allow CF
permissions on the filesystem where they are absolutely required.
Ensure CF does not have any administrative privileges if they are not
used (like using
, August 01, 2007 12:25 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] CF Service Account
CF should never be run as a high privileged account. Create a low privilege
account and run CF under that account. Only allow CF permissions on the
filesystem where they are absolutely required
Dean said it and I completely agree. Be very careful not to use the default
local system account for this or on a AD account. A web app really doesn't
need high level permissions. If you can share why you would need to access
shared drives, etc. Maybe we can advise a better way.
On the question
Sent: Wednesday, August 01, 2007 1:50 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] CF Service Account
Dean said it and I completely agree. Be very careful not to use the default
local system account for this or on a AD account. A web app really doesn't
need high level permissions
, 2007 2:05 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] CF Service Account
Thank you John and Dean for your feedback. The CF script needs to write the
contents of a web form to a folder on another server so that an application
on that server can read in the form results
No value in the resource/sandbox security? :-)
/charlie
_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Saxon
Sent: Wednesday, August 01, 2007 2:05 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] CF Service Account
Thank you John and Dean for your
, August 01, 2007 3:17 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] CF Service Account
Sandbox security is fine when it is backed up by OS-level security.
What hack do you refer to? That's a new one on me.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
[U]nconstitutional behavior
Sent: Wednesday, August 01, 2007 2:59 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] CF Service Account
No value in the resource/sandbox security? :-)
/charlie
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Saxon
Sent: Wednesday, August 01, 2007 2:05 PM
: Wednesday, August 01, 2007 3:17 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] CF Service Account
Sandbox security is fine when it is backed up by OS-level security.
What hack do you refer to? That's a new one on me.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
[U
, August 01, 2007 3:17 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] CF Service Account
Sandbox security is fine when it is backed up by OS-level security.
What hack do you refer to? That's a new one on me.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
[U]nconstitutional
Of Dean H.
Saxe
Sent: Wednesday, August 01, 2007 3:32 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] CF Service Account
Well the point is really you can't secure what you don't know about.
CF can be a very secure platform if you know how to secure it and
write
secure code on top
and
server
John
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe
Sent: Wednesday, August 01, 2007 4:36 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] CF Service Account
If you are using sandbox security, which under
?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Mason
Sent: Wednesday, August 01, 2007 4:58 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] CF Service Account
The issue, as I remember, is how Jrun implements JAAS. Lib is
actually open
01, 2007 5:01 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] CF Service Account
Is there a document or web site with CF security best practices?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Mason
Sent: Wednesday, August 01, 2007 4:58 PM
15 matches
Mail list logo