[EMAIL PROTECTED] wrote: > This is a request for a how-to guide or hints and tips for setting up > a ColdFusion MX shared hosting environment on Windows and/or Unix.
First, subscribe to the Macromedia security announcements service :-) Then, set it up like you would set up hosting without CF MX, then install CF MX and secure it like you normally would. Then: - disable the running of .jsp pages - disable RDS - switch on Sandbox Security - disable cfschedule, cfobject, cfregistry, cfexecute and createobject - set the sandbox filesystem permissions (same as for the FTP access) - set permissions on datasources - write a disk image to a WORM-mediun and put it in the safe Not much of a tutorial, but it has everything I can think of at the moment and then some more. Proper procedures for the different steps are in the manual or knowledgebase, the Sandbox Security thing is easily scriptable through the java.ColdFusion.Factory if you need to set up many accounts. The only tricky thing is that "secure it like you normally would" implies switching it to run under a not-default OS user account, which can have quite some implications depending on how your FTP, webserver and other scripting languages are set. But that is a matter of understanding your OS, not CF MX. Additionally, you might want to look into providing/running tools that allow a client to have a look at the error log for his site (moving it to a database and querying it is probably the easiest way), set up scheduled tasks (they are not a security risk in themselves, but giving clients direct access to cfschedule would allow them to manipulate eachothers tasks) and similar small maintenance stuff (purge client vars, requeue undelivered mail etc.). Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting.
