> I had originally set up my Website Pro/Cold Fusion server
> with the /CFIDE directory protected by access control (user
> name/password). I figured this would be an extra level of
> security, but recently I realized that the Java.cab files
> are stored in /CFIDE/classes. Is it safe to leave the /CFIDE
> open, or should I set up a special access control for the
> /classes subdirectory?
If you can, set up the CF Administrator to run on a separate virtual
server - ideally one that isn't accessible from the outside world, or any
insecure network, and one that's protected with SSL if possible. Then, set
up two separate CFIDE directories: one with the Administrator directory, one
without it. Map the one with the Administrator directory to your secure
virtual server, and map the other to all your public virtual servers.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
