Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

How does the ColdFusion service interact with IIS in terms of security?

ColdFusion IIS interact security service terms
0
Posted

How does the ColdFusion service interact with IIS in terms of security?

0 CommentsAdd a Comment

1 Answer

0

CF runs as a separate service, but it also integrates with IIS using an ISAPI extension. The ISAPI extension runs in-process with IIS, just like the ASP engine, and when a request is received that is mapped to the file extension associated with the ISAPI extension (typically .cfm and .dbm, although those can be changed in the IIS management console), the request is forwarded to the CF service for processing. IIS and NT security are used to determine whether the user can request the file in the first place. This happens before the request is forwarded to the CF service. So, you’ll generally follow the same procedure for securing CF applications with ACLs that you would with an ASP application. CF, by default, runs as a service using SYSTEM privileges.

0 CommentsAdd a Comment
What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.