Another method I employ on top of the others mentioned, is to have the web server listen for a domain that has no DNS server, and edit my HOSTS file to point to the correct IP address. A little bit of security by obscurity on top of the other methods mentioned.
On 2/25/07, Rey Bango <[EMAIL PROTECTED]> wrote: > > Along with what Rick & Rob suggested, you can also have CFIDE work via > non-standard port. So you could have something like: > > http://www.mysite.com:8600/cfide/administrator/index.cfm > > That way its not listen via port 80. Couple that with the suggestions > that were given before and I think you'll be fine. > > Rey > > Steve Milburn wrote: > > Hi all > > > > What do most people do to secure their CFIDE directory? How do you > > prevent people from going to http://your_server_ip/cfide/administrator > > and trying to hack your server? I've read various methods such as > > moving the cfide folder, or having it only accessible by using > > ColdFusions internal web server. I was hoping to get some feedback from > > what others most commonly do. > > > > It is important, obviously, the current applications are still able to > > access scripts used by cfform, and still have access to the ColdFusion > > admin API. > > > > Thanks in advance. > > --- > > --- > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Macromedia ColdFusion MX7 Upgrade to MX7 & experience time-saving features, more productivity. http://www.adobe.com/products/coldfusion Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270635 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
