I make a copy of the cfide folder and -- on the copy -- remove any potentially nasty stuff, like the /administrator/ portion of the folder tree. Then I map this sanitized copy to the web root of each virtual site using IIS' virtual directory feature in IIS manager.
The default web site on the server does point to the real cfide folder, which contains CF Administrator. For starters I stop the default web site; only enabling it when I need to use Administrator, and then disabling it immediately afterwards. Other mighty smart things to do are to install CF as a user other than localSystem, and only give that user the permissions they need so that CF can do its job. I've heard of making CFAdmin accessible on a port other than 80 but haven't tried that. Sounds like a plan for this afternoon. Happy Friday (46 miutes after SoBig.F Phase2) so far, -- ------------------------------------------- Matt Robertson, [EMAIL PROTECTED] MSB Designs, Inc. http://mysecretbase.com ------------------------------------------- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
