I do something similar to this. Non of my CF sites are in Inetpub. The default site goes to c:\mycfcode or somethign like that. I set up a specific subdomain for the CF Administrator and that's the only site that goes to Inetpub with a web page that says only "hello." No dir listing enabled. You have to know the URL and the CFIDE path to get in. Also security by obscurity.
Mik At 01:24 PM 2/25/2007, you wrote: >Another method I employ on top of the others mentioned, is to have the web >server listen for a domain that has no DNS server, and edit my HOSTS file to >point to the correct IP address. A little bit of security by obscurity on >top of the other methods mentioned. > >On 2/25/07, Rey Bango <[EMAIL PROTECTED]> wrote: >> >> Along with what Rick & Rob suggested, you can also have CFIDE work via >> non-standard port. So you could have something like: >> >> http://www.mysite.com:8600/cfide/administrator/index.cfm >> >> That way its not listen via port 80. Couple that with the suggestions >> that were given before and I think you'll be fine. >> >> Rey >> >> Steve Milburn wrote: >> > Hi all >> > >> > What do most people do to secure their CFIDE directory? How do you >> > prevent people from going to http://your_server_ip/cfide/administrator >> > and trying to hack your server? I've read various methods such as >> > moving the cfide folder, or having it only accessible by using >> > ColdFusions internal web server. I was hoping to get some feedback from >> > what others most commonly do. >> > >> > It is important, obviously, the current applications are still able to >> > access scripts used by cfform, and still have access to the ColdFusion >> > admin API. >> > >> > Thanks in advance. >> > --- >> > --- >> > >> > >> > >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270638 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
