One good way to prevent attacks on the CFIDE administrator folder is to simply disallow anonymous access (IIS) or use a .htaccess file (Apache) to require external authentication.
You could also restrict access to the administrator directory to certain IP addresses. Rick On 2/24/07, Steve Milburn <[EMAIL PROTECTED]> wrote: > > Hi all > > What do most people do to secure their CFIDE directory? How do you > prevent people from going to http://your_server_ip/cfide/administrator > and trying to hack your server? I've read various methods such as > moving the cfide folder, or having it only accessible by using > ColdFusions internal web server. I was hoping to get some feedback from > what others most commonly do. > > It is important, obviously, the current applications are still able to > access scripts used by cfform, and still have access to the ColdFusion > admin API. > > Thanks in advance. > --- > --- > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Deploy Web Applications Quickly across the enterprise with ColdFusion MX7 & Flex 2. Free Trial http://www.adobe.com/products/coldfusion/flex2/ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270629 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
