I got you - I thought you were going to remove the mapping from the root site and the allowed Web Service Extensions. Removing from the other sites should work just fine as long as no one else allows is allowed to modify them :)
If you're really concerned about security, you can also secure it using NT authentication by creating a separate application pool and giving it a different identity than the default. Then you can secure your CFMX and web root directories so that only that identity has the rights to read them. Then you configure your site to use that app pool and the CFMX Service to use that identity. That's obviously a much more complex solution and can be a PITA to set up, but if you're truly paranoid, it can be worth the effort. Roland -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dawson, Michael Sent: Sunday, April 03, 2005 9:33 PM To: [email protected] Subject: RE: [CFCDev] Load Balancing CF7 Standard on Windows 2003 Thanks, Roland. I am the *only* CF developer on campus. Our new IT mgt is wanting to put a bunch of other web sites on the same server that currently houses *only* our intranet (cf-based) and our internet (asp-based) sites. I don't want any other sites, other than the ones I develop, to be able to run CF pages. Mainly because of the single instance and the lack of sandboxes. I had planned on removing the cfm mappings on the "other" web sites just so they can't actually run *any* CF code at all. What do you suggest so that no one else can execute any cfm pages? Also, do I need to worry about the FileSystemObject? I certainly don't want anyone to get into my files using any other technology. I have gone from a comfortable dedicated server to a scary shared server. Thanks MAD -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roland Collins Sent: Sunday, April 03, 2005 7:16 PM To: [email protected] Subject: RE: [CFCDev] Load Balancing CF7 Standard on Windows 2003 That's exactly the configuration we run, with several servers in the WLB cluster. It works (and has worked) perfectly for us for four or more years. As long as you don't mind using affinity, which is required if you use CF Sessions, you shouldn't have any problems. Removing the cfm mapping could cause problems - IIS needs to know how to process that file in order to call CF. Why would you want to remove the mapping? There are other (better) ways of preventing other sites from accessing a given site on IIS. Roland ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [email protected] with the words 'unsubscribe cfcdev' as the subject of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting (www.cfxhosting.com). An archive of the CFCDev list is available at www.mail-archive.com/[email protected] ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [email protected] with the words 'unsubscribe cfcdev' as the subject of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting (www.cfxhosting.com). An archive of the CFCDev list is available at www.mail-archive.com/[email protected]
