I always put it (and it alone) on a separate virtual host, so it can't be accessed from the main application host. Then you can control that host however you want, whether it's forcing SSL, only allowing access from localhost, or whatever.
cheers, barneyb On Fri, 14 Jan 2005 13:33:15 -0800, John Munyan <[EMAIL PROTECTED]> wrote: > Hi, I have been searching around the internet looking for how best to secure > cfadmin. The prescribed method is to either remove cfadmin, or to protect it > via file level security. Is there a cf-talk best practice for this, lessons > learned etc. I would certainly love to hear how others have locked this > down. It would be ideal if it could be run local to the ColdFusion box, but > not remotely. Any luck with such a configuration? The server itself with > w2k3 iis6. > > Thanks, > > John -- Barney Boisvert [EMAIL PROTECTED] 360.319.6145 http://www.barneyb.com/ Got Gmail? I have 8 invites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware: a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:190802 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
