Are there any best practices for securing the CF Administrator
application in the Enterprise? I'm working with MX 6.1 (J2EE/JRun) on
Solaris, but the question is really a more general one.

I work with a client whose security policies forbid any dependencies
on shared passwords. While this policy is a pain in the neck, it
doesn't seem entirely unreasonable. What this means for me is that
the standard CF admin password won't suffice. To meet the
requirement, we've been using web server directory-based security
(like an .htaccess file - ours actually points to an LDAP server) to
lock down the CFIDE/administrator directory. However, this can only
be accomplished by serving the CF administrator through an enterprise
web server (Apache, SunOne, etc), rather than the built-in Jrun HTTP
server.

Without hacking the CF administrator app and rewriting it, or removing
CF Administrator altogether, is there any other way to wrap
security around it? What are others doing? Surely I'm not the only
one to face this issue(?)

To make matters even more tricky, the use of JRUN clustering requires
that the CF administrator be served through the JRUN http server
(instead of Apache or SunOne). There's no way to connect a web server
to a single JRUN instance inside a cluster :-) Since I can't use
clustering w/out JRUN http server, and jrun http server has no
security mechanism (that I know of), I'm up a creek.

Anyway, I'm interested to see what others are doing. Any advice or
experiences you're willing to share are appreciated.
-Ben
