But that would still mean it is insecure. It could stil be reached by typing in the visible IP (which I assume in this case is still public facing over normal means)
"This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant, Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business, Registered in England, Number 678540. It contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the sender or call our switchboard on +44 (0) 20 89107910. The opinions expressed within this communication are not necessarily those expressed by Reed Exhibitions." Visit our website at http://www.reedexpo.com -----Original Message----- From: Scott Stroz To: CF-Talk Sent: Sun Feb 25 18:24:56 2007 Subject: Re: Secure CFIDE Another method I employ on top of the others mentioned, is to have the web server listen for a domain that has no DNS server, and edit my HOSTS file to point to the correct IP address. A little bit of security by obscurity on top of the other methods mentioned. On 2/25/07, Rey Bango <[EMAIL PROTECTED]> wrote: > > Along with what Rick & Rob suggested, you can also have CFIDE work via > non-standard port. So you could have something like: > > http://www.mysite.com:8600/cfide/administrator/index.cfm > > That way its not listen via port 80. Couple that with the suggestions > that were given before and I think you'll be fine. > > Rey > > Steve Milburn wrote: > > Hi all > > > > What do most people do to secure their CFIDE directory? How do you > > prevent people from going to http://your_server_ip/cfide/administrator > > and trying to hack your server? I've read various methods such as > > moving the cfide folder, or having it only accessible by using > > ColdFusions internal web server. I was hoping to get some feedback from > > what others most commonly do. > > > > It is important, obviously, the current applications are still able to > > access scripts used by cfform, and still have access to the ColdFusion > > admin API. > > > > Thanks in advance. > > --- > > --- > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Macromedia ColdFusion MX7 Upgrade to MX7 & experience time-saving features, more productivity. http://www.adobe.com/products/coldfusion Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270636 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
