> From: Richard G Curry [mailto:[email protected]] > Subject: RE: Protecting static resources in IIS
> > > > From: Rob Gregory [mailto:[email protected]] > > > > Subject: RE: Protecting static resources in IIS > > > > Would that then result in having to run Tomcat/Apache/IIS as > > > > root/system rather than a restricted user? > > > Yes. > > That sounds like a really bad idea. > How so? What am I missing? Basic security philosophy, known as the principle of least privilege. Running as root/system is like walking around with a "kick me" sign; just wait till the hackers break into your IIS box running that way... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
