thing wrong, you can use LDAP written in ColdFusion to secure an
application. No, it's not part of Windows or IIS per se, but yes
it works better than any of that Windows junk!
Thanks
L Marcus
-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 30, 2003 8:42 PM
To: CF-Talk
Subject: RE: How to secure CF ADMIN PAGE
> I got Windows (IIS) to ask for a login but if you cancel it
> enough times it just goes away and you can then get to
> the CF admin.
In that case, you haven't set it up correctly. You can certainly do this
using IIS and Windows filesystem ACLs, together, but you have to do it
correctly.
> What do I have to do, write an LDAP app in CF? This seems
> silly. There must be a way to secure the CF Administration
> page using windows.
LDAP has nothing to do with this.
Assuming that your web server's root directory is c:\inetpub\wwwroot (which,
of course, it really shouldn't be), these steps (which may not be exact, as
I'm typing them from memory) should get you where you need to go:
1. Find your CFIDE directory in Windows Explorer within c:\inetpub\wwwroot.
2. Find the "administrator" subdirectory.
3. Right-click on that directory, and select "Properties".
4. Remove all rights for the IUSR_MACHINENAME, IWAM_MACHINENAME, "Everyone"
and "Authenticated Users" accounts and contextual groups, if they exist.
5. Within the IIS MMC, find your virtual server. Make sure there's no CFIDE
virtual directory for it, if in fact you have the physical directory CFIDE
within the web root folder already.
6. Open the CFIDE directory within IIS MMC, and find the administrator
subdirectory.
7. Right-click on it within IIS MMC, and select "Properties".
8. Select the "Directory Security" tab.
9. Disable "Anonymous" access, and enable either Basic or Windows
Authentication.
10. Cycle your virtual web server if necessary; in some cases, I've had to
actually reboot the server (!) to get permissions changes to take effect in
IIS.
It's worth noting that there are additional steps you can (and probably
should) take to secure access to the CF Administrator, such as configuring
it to run within its own virtual server, limiting access to that server to
allow only LAN access, requiring client certificates in conjunction with
HTTPS, and so on.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
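
A way to confirm the outcome of the steps above from a machine that sends no credentials, added here as an example and not part of the original e-mail: every request to the Administrator directory should come back as a 401 carrying a Basic or Windows (NTLM/Negotiate) challenge, never as a served page. The `index.cfm` entry page, the function names and the verdict strings are assumptions made for illustration.

```python
import sys
import urllib.error
import urllib.request

# Step 9 enables Basic or Windows Authentication; IIS advertises the latter
# as NTLM and/or Negotiate challenges.
EXPECTED_SCHEMES = {"basic", "ntlm", "negotiate"}
# Assumed paths: the directory from the steps plus ColdFusion's usual entry page.
ADMIN_PATHS = ("/CFIDE/administrator/", "/CFIDE/administrator/index.cfm")


def classify(status, challenges):
    """Verdict for one request that was sent without credentials."""
    schemes = {c.split(None, 1)[0].lower() for c in challenges if c.strip()}
    if status == 401:
        return "protected" if schemes & EXPECTED_SCHEMES else "401-no-challenge"
    if status in (403, 404):
        return "blocked"      # not served at all on this virtual server
    if 200 <= status < 400:
        return "EXPOSED"      # anonymous access still reaches the Administrator
    return "unexpected-%d" % status


def probe(url, timeout=5):
    """GET url with no credentials; return (status, WWW-Authenticate values)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get_all("WWW-Authenticate") or []
    except urllib.error.HTTPError as err:   # urllib raises on 4xx/5xx
        return err.code, err.headers.get_all("WWW-Authenticate") or []


def audit(base_url, fetch=probe):
    """Map each admin path to its verdict; `fetch` is injectable for testing."""
    base = base_url.rstrip("/")
    return {path: classify(*fetch(base + path)) for path in ADMIN_PATHS}


if __name__ == "__main__":
    # Usage: python check_cfadmin.py http://your-server
    results = audit(sys.argv[1])
    for path, verdict in results.items():
        print("%-40s %s" % (path, verdict))
    sys.exit(0 if all(v in ("protected", "blocked") for v in results.values()) else 1)
```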

