running abyss as system service

[noamkrief]

My brother said he knows a guy who can easly make any executible run as a win2000 system service.
If it's not that hard, why doesn't abyss have a version that can run as a windows system service.

I love this webserver but it is annoying that the server shuts down everytime i log out and log in as a different user.
thanks guys
Noam

[Anonymoose]

http://www.aprelium.com/forum/viewtopic.php?t=1221

[noamkrief]

that's owesome! thanks
Now that abyss is running as a service, should i run the service as a restricted user just in case?
Is that an overkill?
thanks

[noamkrief]

i asked my friend who is a unix admin the question about me running abyss as a service now... here's his reply...

Your vulnerability for any service is as follows:

1) Can the service be hacked? Not just hacked, but controlled and or
shell produced from the hack. Most services have some type of
vulnerability to be able to shut it down (flooded). Whether script
kiddies can figure them out or not is the only question. So.... only a
problem if your service has an *exploitable* vulnerability.

2) What can they do if they gain access *through* that service? If you
are running the service as a *restricted user* then they will only have
the rights of that restricted user... this should be independent of who
is logged in at the console.

What did Dave just say? -- As long as your *service* is running as the
restricted user, it does not matter who you log in as. Caveat: If you
are web browsing / email viewing, etc on your machine and logged in as a
privileged user, any malicious code can cause damage to your system
files.


any comment? should we run abyss web server service as a restricted user just in case?