> > I am looking for a good reference on locking down CFIDE on IIS7. I
> > checked google, didn't see much on this topic...
As a lot of CF functionality requires the CFIDE folder, this is what I do.

1. Create a duplicate of the CFIDE folder (in fact I have many for historical reasons)... e.g.
   D:\serverwide\CFIDE\MX\CFIDE\
   D:\serverwide\CFIDE\MX7\CFIDE\
   D:\serverwide\CFIDE\MX8\CFIDE\

2. Remove the administrator folder from the duplicate entirely and any other folders you don't require for your site implementations.

3. Ensure that your CFIDE folder is fully up to date with patches. (e.g. the FCK connector patches).

4. Map the virtual directory for CFIDE to the relevant duplicated CFIDE folder.

5. The actual CFIDE folder can then be mapped to *ONLY* your admin site in IIS using a virtual folder and you can either protect the admin site with SSL and username/password authentication or make it accessible to localhost only.

6. Whenever you apply a CF updater or hotfix, remember to duplicate the files from the real CFIDE into your duplicate CFIDE for the specific version of CF ensuring you don't re-create the admin folders or others you've removed for your implementation.

Paul

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325684
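Steps 1, 2 and 6 of the procedure above as a repeatable PowerShell script, added here as an example and not part of the original post. The real CFIDE path is an assumption (the post does not give it), the duplicate path is the post's MX8 example, and the parameter names are made up for illustration.

```powershell
# Added example: sync the real CFIDE into the public duplicate without
# ever re-creating the folders that were removed from the duplicate.
param(
    # Assumption: location of the real CFIDE; adjust for your install.
    [string]$RealCfide = 'C:\ColdFusion8\wwwroot\CFIDE',
    # Duplicate folder that the public sites' CFIDE virtual directory maps to.
    [string]$Duplicate = 'D:\serverwide\CFIDE\MX8\CFIDE',
    # Top-level folders kept out of the duplicate. 'administrator' is from
    # the post; add any others your sites do not need.
    [string[]]$Excluded = @('administrator')
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $RealCfide -PathType Container)) {
    throw "Real CFIDE not found: $RealCfide"
}

# Full source paths, so only the top-level folders are excluded and not
# every nested directory that happens to share a name.
$excludePaths = $Excluded | ForEach-Object { Join-Path $RealCfide $_ }

# /E  copy subfolders (including empty ones), picking up hotfixed files
# /XD skip the excluded directories so they are never copied across
& robocopy.exe $RealCfide $Duplicate /E /XD $excludePaths /R:1 /W:1 /NP /NFL /NDL | Out-Null
if ($LASTEXITCODE -ge 8) {
    throw "robocopy failed with exit code $LASTEXITCODE"
}

# An excluded folder may already exist in the duplicate, for example after
# a manual copy of the whole CFIDE. Remove it explicitly.
foreach ($name in $Excluded) {
    $target = Join-Path $Duplicate $name
    if (Test-Path -LiteralPath $target) {
        Remove-Item -LiteralPath $target -Recurse -Force
        Write-Warning "Removed $target from the duplicate"
    }
}

# Final check: fail loudly if anything excluded is still present.
$left = $Excluded | Where-Object { Test-Path -LiteralPath (Join-Path $Duplicate $_) }
if ($left) {
    throw "Still present in duplicate: $($left -join ', ')"
}
Write-Output "Duplicate CFIDE synced; absent as required: $($Excluded -join ', ')"
```

Run it after every updater or hotfix. Files that a hotfix deletes from the real CFIDE stay in the duplicate, because `/E` only adds and updates.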

