Participant
October 13, 2010
Question

Set up permissions on the ColdFusion 9 installation directory


I have installed ColdFusion 9 on Windows Server 2008, following the ColdFusion 9 Security Lock Down Guide [0]. I have configured the ColdFusion services to run as a specific local user (not the system account), and I had to grant this user full access rights to the ColdFusion directory. I want to limit access to only the folders that are necessary.

How do I set up rights for the ColdFusion user?

Are there documents that explain this?

[0] http://www.adobe.com/products/coldfusion/whitepapers/pdf/91025512_cf9_lockdownguide_wp_ue.pdf

Thanks


    Owainnorth
    Inspiring
    October 13, 2010

    Whenever I do an install I give the CF user full control over the CF directory, the websites root and a separate CF logs directory should you wish to use one. I wouldn't bother trying to lock them down any further than that, as you start running into issues when CF needs various libraries for certain ajax functions and the like.

    O.

    Community Expert
    October 13, 2010

    I'm usually reluctant to give CF full control over the web root, as this means that CF can potentially be used to write CF programs or other potentially malicious files. But in that case, you have to clearly identify when and where files can be uploaded, which is an extra layer of problems for developers.

    Dave Watts, CTO, Fig Leaf Software

    http://www.figleaf.com/

    http://training.figleaf.com/

    Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on

    GSA Schedule, and provides the highest caliber vendor-authorized

    instruction at our training centers, online, or onsite.

    Dave Watts, Eidolon LLC
    Community Expert
    October 13, 2010

    The lockdown guide is a good place to start, but this gives you an idea of how to limit the CF account access further on Windows:

    http://jochem.vandieten.net/2008/04/06/windows-file-permissions-for-the-coldfusion-account/


    Dave Watts, Eidolon LLC
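
The concern raised above about the ColdFusion account being able to write into the web root can be checked and tightened as follows. This is an added example, not code from any poster in this thread or from the lockdown guide; the account name `cfservice` and the paths `D:\wwwroot` and `D:\cfuploads` are hypothetical placeholders, and the read-only web root with a separate upload folder is an assumed layout that must be tested against the application.

```powershell
# Added example. Account name and paths are hypothetical placeholders.
$CfAccount = "$env:COMPUTERNAME\cfservice"  # assumed local service account
$WebRoot   = 'D:\wwwroot'                   # assumed web root
$UploadDir = 'D:\cfuploads'                 # assumed upload folder outside the web root

# Rights that allow creating or changing files or ACLs, plus the raw
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits that can
# appear on inherit-only entries.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Get-WritableAce {
    # Lists every directory under $Path where $Account holds an Allow entry
    # with write-type rights. Only entries naming the account itself are
    # matched; rights obtained through groups (Users, Everyone) need a
    # separate pass with those group names.
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [string]$Account
    )
    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force)
    foreach ($dir in $dirs) {
        foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
            if ($ace.IdentityReference.Value -ieq $Account -and
                $ace.AccessControlType -eq 'Allow' -and
                ([int]$ace.FileSystemRights -band $WriteBits) -ne 0) {
                [pscustomobject]@{
                    Directory = $dir.FullName
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

function Set-CfWebRootAcl {
    # Replaces the account's explicit grants: read and execute on the web
    # root, modify only on the dedicated upload folder.
    icacls $WebRoot /remove:g $CfAccount /T
    icacls $WebRoot /grant "${CfAccount}:(OI)(CI)RX"
    icacls $UploadDir /grant "${CfAccount}:(OI)(CI)M"
}

# Audit first; call Set-CfWebRootAcl only after reviewing the output.
Get-WritableAce -Path $WebRoot -Account $CfAccount | Format-Table -AutoSize
```

Run the audit again after changing the ACLs; any remaining rows marked `Inherited` come from a parent folder and have to be fixed there or by disabling inheritance on the web root.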