> Best solution (IMO) and pretty painless to implement - just disable > anonymous access to the "administrator" folder either in IIS or using > .htaccess with Apache. You can still access it from anywhere you > want but you don't have to worry so much about being hacked. (unlessy > ou truly don't care about running an insecure server)
With IIS, you may have to do a bit more than simply make the folder unavailable through anonymous access, as the ISAPI filter installed by CF will automatically respond to any URL containing /CFIDE/administrator/index.cfm, whether that actually resolves or not! Details on how to prevent this are in the CF 9 Lockdown Guide on the Adobe site. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:340257 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
