Picking up on one part of Andrew's post On 18/08/2011 10:36, Andrew Scott wrote in part:
As for the Admin being accessible, I could argue that one still needs to apply the normal security measures on that anyway, especially if you require the Ajax and new UI features of the likes of cfGrid etc.
We have a dedicated website on each server which had very restricted access so that the full CFIDE admin area is well protected.
We make a copy of the CFIDE folder that has just the essential parts to make ajax and scripting, etc., work (IE at the minimum take out the /administrator/ folder) and then make that available as a /CFIDE virtual directory for each site. Then all of the exotic CF tags work and there is a much lesser security risk.
-- Yours, Kym Kovan mbcomms.net.au -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaussie@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
