> directory-based security (like an .htaccess file - ours
> actually points to an ldap server) to lock down the
> CFIDE/administrator directory. However, this can only
> be accomplished by serving the CF administrator through an
> enterprise web server (Apache, SunOne, etc), rather than the
> built-in JRun HTTP server. Without hacking the CF administrator
> app and rewriting it, or removing CF Administrator altogether,
> is there any other way to wrap security around it? What are
> others doing? Surely I'm not the only one to face this issue(?)
If you want to limit access to the CF Administrator, you can either run it
through an external web server, or limit the IP addresses from which the
JRun web server will accept connections.
> To make matters even more tricky, the use of JRUN clustering
> requires that the CF administrator be served through the JRUN
> http server (instead of Apache or SunOne). There's no way to
> connect a web server to a single JRUN instance inside a cluster
> :-) Since I can't use clustering w/out JRUN http server, and
> jrun http server has no security mechanism (that I know of),
> I'm up a creek.
You can connect each instance to a separate external virtual web server, and
connect the cluster itself to another external virtual web server. At least,
I've done this with CFMX on IIS. Generally, though, I use the JRun web
server to manage cluster members, and limit access to each CF Administrator
to the server console.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444