Oh yeah, I left out; a decent firewall, and a properly configered DMZ / Zones / network and maybe IDS (www.Snort.org is cool) and decent passwords.....
looking at CFMX server then alone (ie without your code...) Disable / remove RDS, Run it under a user account which only has the needed permissions. Apply all patches. Also think of CFMX as a Java application, it is. I've been meaning to check out the J2ee/java version of "hacking exposed" anyone read it? http://www.amazon.co.uk/exec/obidos/ASIN/0072225653/ref=sr_aps_books_1_1/026 -9749361-5814842 Also cfmx contains versions of the following AXIS Verity j-intragra log4j etc. etc. and of course Jrun (or what ever java container) + a JDK issues So any issues that apply to these may apply to CFMX regards WG -----Original Message----- From: webguy [mailto:[EMAIL PROTECTED] Sent: 30 June 2003 17:58 To: CF-Talk Subject: RE: Questions about security Secure Windows - get the O'reilly book http://www.oreilly.com/catalog/securwinserv/ http://www.microsoft.com/security/ Secure IIS - http://www.iisfaq.com/default.aspx?view=P142 Secure SQL server -http://www.sqlsecurity.com/DesktopDefault.aspx Use database roles etc.. Secure CFMX - http://www.macromedia.com/devnet/security/security_zone/ Secure your application. e.g. http://secinf.net/websecurity/ CF specific - http://www.macromedia.com/support/coldfusion/technotes.html [short list] Possibly encrypt your data, or build a write only database table. For example you will probably never need to show a credit card number on a website (maybe some of it - last 5 digits), but will need to use it on a back end. Use a different database role to read it. WG -----Original Message----- From: Eric Creese [mailto:[EMAIL PROTECTED] Sent: 30 June 2003 17:35 To: CF-Talk Subject: Questions about security I have some questions about CFMX security, loop hole, pit falls and configuration. I have two Win2k clustered servers that will contain membership data that will be stored in SQL Server DB on a third server. I need to insure that I will not be hacked. Is there any particular configuration that is recommended or issues? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4