Computerworld

Update: ColdFusion Sandbox Security on Windows

Allaire reports that when ColdFusion Advanced Security Sandbox is configured, processes created with do not inherit the Sandbox security context. Instead executes with the security context of the ColdFusion Service. This is the "System" account by default.

"Web Hosting providers, particularly, are advised to disable the tag if they rely on Sandbox Security to restrict users' access based on Windows NT Domain accounts."

Affected Software Versions:

ColdFusion 4.5 Enterprise Edition on Windows, ColdFusion 5 Enterprise Edition on Windows

Read about it at http://www.allaire.com/Handlers/index.cfm?ID=22237