I'm not a stringent believer in no public access for something like the Cfadmin. A lot of the time it may be necessary.
Here's a few possible steps for just the CF Admin. - no shared users, so users aren't sharing the "admin" user password. Cf10, has some better logging to track what each user does when logged in. But a good idea on other versions. - Cf admin doesn't have minimum password requirements, but strongly encourage users to have long and complex passwords. Users can use something like KeyPass so they don't have to remember the complex password. - create a new web site running on a non common port, just for the admin and use windows firewall to block access to that port, except for ip addresses of you choosing. So like, https://200.200.200.200:6321/CFIDE... Another option, might be a second site that runs on 127.0.0.1 and create windows users and allow RDP for those users, and also use windows firewall to restrict access to Rdp. Which you should do anyhow. But this means users have server access. Might want to sign up for Adobe security bulletins as well, so you can stay on top of patches. Byron Mann Lead Engineer and Architect Hostmysite.com On Sep 5, 2012 2:52 PM, "Rob Voyle" <[email protected]> wrote: > > Hi Folks > > Several folk have suggested making the cf admin login inaccessible to the > general public. > > Currently my wesite VPS coldfuion admin is accessible via > IP/CFIDE/administrator > And also via Remote Desktop connection. > Both require usernames and passwords > > What is the best way to protect the CF administration from hackers > > Thanks > Rob > > Robert J. Voyle, Psy.D. > Director, Clergy Leadership Institute > For Coaching and Training in Appreciative Inquiry > Author: Core Elements of the Appreciative Way > http://www.clergyleadership.com/ > 503-647-2378 or 503-647-2382 > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-newbie/message.cfm/messageid:5917 Subscription: http://www.houseoffusion.com/groups/cf-newbie/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-newbie/unsubscribe.cfm
