Be careful, because CFFORM uses the scripts inside /CFIDE/scripts, so you can't just hide the whole directory. But the admin and stuff definitely shouldn't be web accessible. At the very least, set up a different vhost on the same IP where you get to it, but better to run it on an entirely different site with all the access control you can muster.
cheers, barneyb On 8/11/05, Munson, Jacob <[EMAIL PROTECTED]> wrote: > I have read 'best practices' somewhere that stated you should not have > the CFIDE open to /anyone/ on a public site. I guess you can't just > move it, because a lot of CF functionality relies on the stuff being > there, but you can and should use your web server to hide it from the > outside world. If you need your hosting customers to have access to the > CF admin panels (which live under CFIDE), you can give them access to > the functions they need using the admin api, and put your files in a > public location. -- Barney Boisvert [EMAIL PROTECTED] 360.319.6145 http://www.barneyb.com/ Got Gmail? I have 50 invites. ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [email protected] with the words 'unsubscribe cfcdev' as the subject of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting (www.cfxhosting.com). CFCDev is supported by New Atlanta, makers of BlueDragon http://www.newatlanta.com/products/bluedragon/index.cfm An archive of the CFCDev list is available at www.mail-archive.com/[email protected]
