Or just move the CFIDE directory out of the web root.

    mv /var/www/html/CFIDE /opt/coldfusion

Voilà. Besides, in a shared environment, you can lock CF down to a private username, disable the needed tags (CFREG and CFFILE if you desire) and you're pretty locked down.

The "registry" is nothing more than a flat text file used for configuration guidelines like the httpd.conf, smb.conf, etc. files. Nothing 'special' about it. Yes, it stores a hashed password on it. That's why in a shared environment, it is important to evaluate what tags you would like to 'not use'. Yes, this is not a perfect solution, however, it is currently the only option available.

-Jesse

-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 12, 2001 4:38 PM
To: CF-Linux
Subject: RE: CFFILE usage on a shared CF server

> Hrm. I was referring more to the fact that a 'registry' was
> used in Linux as well. And that there is a script floating
> around that someone with shared access can upload, and then
> run, and output the cfserver's admin password to the browser...
> I didn't mean that cfregistry was bad, or that windows was
> bad (tho I prob. thought that one <g>), but that since there
> is no Adv. Sec. for CFLinux, to not allow this tag to be
> available if you're gonna share CFLinux Hosting...

Well, I don't have a lot of experience with CF on Linux, but if it's like it is on Solaris, the "registry" is just a text file that CF uses to store its configuration info. This isn't used by anything other than CF.

I agree with you that you might want to disable CFREGISTRY if you're setting up a shared host. Rather than relying on the CF Administrator password for security, you might be better off simply setting up the CF Administrator to run on a separate, protected virtual server using .htaccess and SSL to prevent unauthorized users getting into it.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
