Personally I have the admin portion secured, but still within the same app, unless for some reason massive security is needed, in which case you'd want a separate server.
But for any "normal" app, you can secure it just fine with an /admin folder using Application.cfc and not being stupid about variables and remote functions. In my CMS that's the approach I've taken, the admin section has its own Application.cfc with its own settings, and it would be very easy to limit access to a certain IP-range (Such as your VPN) in addition to the separate login function. On Monday, August 25, 2014 5:02:03 PM UTC-5, Jason Allen wrote: > > Hi All, > > I need some input on my plan to create an 'admin' component for my app. > > I don't want to expose any of the administrative functions to the public > app. > > My idea is to create a 'private only' (accessible via vpn) version of the > website. This website will be the public app + additional administrative > functions. > > I have all of the admin functions contained to a folder '/admin' > > In here are additional cfc's, forms, displays, etc. that relate to > managing users and site features. > > Anytime I update the public app, I can just deploy it over the admin app > because it won't overwrite the admin folder (since it's not part of the > app). > > Does this make sense? > > Another way to say it is that the 'full app' includes the /admin files, > and I'll deploy the public app without that folder. > > Eh? > -- -- online documentation: http://openbd.org/manual/ http://groups.google.com/group/openbd?hl=en --- You received this message because you are subscribed to the Google Groups "Open BlueDragon" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
