Thanks Andrew & Charlie

I will go read the doc and if I have any further questions will reply back.

regards
Joel

On Tue, Feb 24, 2015 at 9:01 AM, Charlie Arehart <charlie_li...@carehart.org> wrote:

> Or the CF10 one, still at:
>
>
> http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf
>
> BTW, Joel, do be very careful about how you “we setup a copy of the CFIDE
> in a diff location and only keep files/folders that are required for
> general use by websites for cfforms etc..”.There’s a grave risk that an
> update to CF would update the “official folders” and you may not think to
> “copy again” the files to the “different location”.
>
> Far better is for you to create a virtual directory (in IIS or Apache) and
> point that to the “real” CFIDE/scripts, and then put that VD into the CF
> Admin’s Settings page, as the “default scriptsrc directory” (but do
> remember to do that for ALL sites, including any sites that really do still
> serve the full CF Admin).
>
> Both points are discussed in the lockdown guide itself. BTW, you may want
> to consider looking at the CF11 one, as Pete took some feedback and tweaked
> the guide to deal with some common challenges people were having in working
> through it (see mention of this in Appendix section a.13, though it doesn’t
> detail all the changes). Those were not rolled back into the 10 guide.
>
> HTH.
>
> /charlie
>
>
>
> *From:* cfaussie@googlegroups.com [mailto:cfaussie@googlegroups.com] *On
> Behalf Of *Andrew Myers
> *Sent:* Monday, February 23, 2015 4:46 AM
> *To:* cfaussie@googlegroups.com
> *Subject:* Re: [cfaussie] Coldfusion 11 CFIDE lock down
>
>
>
> Hi Joel,
>
> Is this what you're after?
>
> http://www.adobe.com/go/cf11-lockdown-guide
>
> Regards
> Andrew
>
>
>
> On Mon, 23 Feb 2015 7:38 pm Joel Nath <joel.n...@gmail.com> wrote:
>
> Hi Guys
>
> Was looking for suggestions on locking down CFIDE on CF ENT 11?
>
> What folders/files are required to be publicly accessible under CFIDE in CF 11?
>
> Based on past experience, we setup a copy of the CFIDE in a diff location
> and only keep files/folders that are required for general use by websites
> for cfforms etc..
>
> Does anyone have an updated list of files/folders that are required for
> general use?
>
> I had a link to a security document for CF 10 (I think from Adobe), it's
> gone MIA
>
> Any suggestions/tips welcome
>
> regards
>
> Joel
>
> --
> You received this message because you are subscribed to the Google Groups
> "cfaussie" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cfaussie+unsubscr...@googlegroups.com.
> To post to this group, send email to cfaussie@googlegroups.com.
> Visit this group at http://groups.google.com/group/cfaussie.
> For more options, visit https://groups.google.com/d/optout.
>
>
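
Added example, not part of the thread or of Adobe's lockdown guide: for a site that still serves a trimmed copy of CFIDE/scripts, this Python check reports copied files that have drifted from the official folder after a ColdFusion update, which is the risk Charlie describes above. The directory layout and file names in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def _digests(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def cfide_copy_drift(official_dir, copy_dir):
    """Compare a trimmed public copy against the official scripts folder.

    Returns (stale, orphaned):
      stale    - files in the copy whose content differs from the official file
      orphaned - files in the copy that no longer exist in the official folder
    Files present only in the official folder are ignored, because the copy
    is deliberately a subset.
    """
    official = _digests(official_dir)
    copy = _digests(copy_dir)
    stale = sorted(f for f, h in copy.items() if f in official and official[f] != h)
    orphaned = sorted(f for f in copy if f not in official)
    return stale, orphaned


def demo():
    """Constructed sample: an update changes the official folder after the copy was made."""
    with tempfile.TemporaryDirectory() as tmp:
        official = Path(tmp, "CFIDE", "scripts")   # assumed "official" location
        copy = Path(tmp, "public", "scripts")      # assumed trimmed copy
        for d in (official, copy):
            (d / "ajax").mkdir(parents=True)
            (d / "cfform.js").write_text("// v1\n")
            (d / "ajax" / "core.js").write_text("// v1\n")
        # Simulate an update touching only the official folder.
        (official / "cfform.js").write_text("// v2, patched by an update\n")
        (official / "ajax" / "core.js").unlink()
        return cfide_copy_drift(official, copy)


if __name__ == "__main__":
    stale, orphaned = demo()
    print("stale:", stale)
    print("orphaned:", orphaned)
```

Running it after every ColdFusion update flags the copy as out of date; with the virtual-directory approach there is no copy to drift.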
