RE: [cfaussie] Coldfusion 11 CFIDE lock down
Or the CF10 one, still at: http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf

BTW, Joel, do be very careful about how you “we set up a copy of the CFIDE in a diff location and only keep files/folders that are required for general use by websites for cfforms etc.”. There’s a grave risk that an update to CF would update the “official folders” and you may not think to “copy again” the files to the “different location”.

Far better is for you to create a virtual directory (in IIS or Apache) and point that to the “real” CFIDE/scripts, and then put that VD into the CF Admin’s Settings page, as the “default scriptsrc directory” (but do remember to do that for ALL sites, including any sites that really do still serve the full CF Admin).

Both points are discussed in the lockdown guide itself.

BTW, you may want to consider looking at the CF11 one, as Pete took some feedback and tweaked the guide to deal with some common challenges people were having in working through it (see mention of this in Appendix section a.13, though it doesn’t detail all the changes). Those were not rolled back into the 10 guide.

HTH.

/charlie

From: cfaussie@googlegroups.com [mailto:cfaussie@googlegroups.com] On Behalf Of Andrew Myers
Sent: Monday, February 23, 2015 4:46 AM
To: cfaussie@googlegroups.com
Subject: Re: [cfaussie] Coldfusion 11 CFIDE lock down

Hi Joel,

Is this what you're after?

http://www.adobe.com/go/cf11-lockdown-guide

Regards
Andrew

On Mon, 23 Feb 2015 7:38 pm Joel Nath joel.n...@gmail.com wrote:

Hi Guys

Was looking for suggestions on locking down CFIDE on CF ENT 11?

What folder/files are required to be publicly accessible under CFIDE in CF 11?

Based on past experience, we set up a copy of the CFIDE in a diff location and only keep files/folders that are required for general use by websites for cfforms etc.

Does anyone have an updated list of files/folders that are required for general use?

I had a link to a security document for CF 10 (I think from Adobe), it's gone MIA.

Any suggestion/tips welcome

regards
Joel

--
You received this message because you are subscribed to the Google Groups cfaussie group. To unsubscribe from this group and stop receiving emails from it, send an email to cfaussie+unsubscr...@googlegroups.com. To post to this group, send email to cfaussie@googlegroups.com. Visit this group at http://groups.google.com/group/cfaussie. For more options, visit https://groups.google.com/d/optout.
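Added example, not part of the thread or of the lockdown guide: one way the virtual-directory setup described in the reply above could look in Apache 2.4. The alias name `/cfscripts` and the path `/path/to/cf-webroot` are placeholders chosen for illustration; substitute the real location of the installer-managed CFIDE.

```apache
# Added example (Apache 2.4, needs mod_alias and mod_authz_core).
# Placeholders / assumptions:
#   /path/to/cf-webroot  = wherever the real, installer-managed CFIDE lives
#   /cfscripts           = hypothetical alias name

# Map the alias onto the real CFIDE/scripts instead of a hand-made copy,
# so files changed by a ColdFusion update are served with no re-copy step.
Alias "/cfscripts" "/path/to/cf-webroot/CFIDE/scripts"

<Directory "/path/to/cf-webroot/CFIDE/scripts">
    Options None
    AllowOverride None
    Require all granted
</Directory>

# Assumption: this vhost does not serve the CF Administrator, so nothing
# else under /CFIDE has to be reachable through it. Leave this block out
# on a site that really does still serve the full CF Admin.
<LocationMatch "(?i)^/CFIDE(/|$)">
    Require all denied
</LocationMatch>

# Afterwards, enter /cfscripts/ as the "Default ScriptSrc Directory" on the
# CF Admin Settings page, and define the same Alias in every vhost, since
# the reply above notes it has to be done for ALL sites.
```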
[cfaussie] Coldfusion 11 CFIDE lock down
Hi Guys

Was looking for suggestions on locking down CFIDE on CF ENT 11?

What folder/files are required to be publicly accessible under CFIDE in CF 11?

Based on past experience, we set up a copy of the CFIDE in a diff location and only keep files/folders that are required for general use by websites for cfforms etc.

Does anyone have an updated list of files/folders that are required for general use?

I had a link to a security document for CF 10 (I think from Adobe), it's gone MIA.

Any suggestion/tips welcome

regards
Joel
Re: [cfaussie] Coldfusion 11 CFIDE lock down
Hi Joel,

Is this what you're after?

http://www.adobe.com/go/cf11-lockdown-guide

Regards
Andrew

On Mon, 23 Feb 2015 7:38 pm Joel Nath joel.n...@gmail.com wrote:

Hi Guys

Was looking for suggestions on locking down CFIDE on CF ENT 11?

What folder/files are required to be publicly accessible under CFIDE in CF 11?

Based on past experience, we set up a copy of the CFIDE in a diff location and only keep files/folders that are required for general use by websites for cfforms etc.

Does anyone have an updated list of files/folders that are required for general use?

I had a link to a security document for CF 10 (I think from Adobe), it's gone MIA.

Any suggestion/tips welcome

regards
Joel
Re: [cfaussie] Coldfusion 11 CFIDE lock down
Thanks Andrew, Charlie

I will go read the doc and if I have any further questions will reply back.

regards
Joel

On Tue, Feb 24, 2015 at 9:01 AM, Charlie Arehart charlie_li...@carehart.org wrote:

Or the CF10 one, still at: http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf

BTW, Joel, do be very careful about how you “we set up a copy of the CFIDE in a diff location and only keep files/folders that are required for general use by websites for cfforms etc.”. There’s a grave risk that an update to CF would update the “official folders” and you may not think to “copy again” the files to the “different location”.

Far better is for you to create a virtual directory (in IIS or Apache) and point that to the “real” CFIDE/scripts, and then put that VD into the CF Admin’s Settings page, as the “default scriptsrc directory” (but do remember to do that for ALL sites, including any sites that really do still serve the full CF Admin).

Both points are discussed in the lockdown guide itself.

BTW, you may want to consider looking at the CF11 one, as Pete took some feedback and tweaked the guide to deal with some common challenges people were having in working through it (see mention of this in Appendix section a.13, though it doesn’t detail all the changes). Those were not rolled back into the 10 guide.

HTH.

/charlie

From: cfaussie@googlegroups.com [mailto:cfaussie@googlegroups.com] On Behalf Of Andrew Myers
Sent: Monday, February 23, 2015 4:46 AM
To: cfaussie@googlegroups.com
Subject: Re: [cfaussie] Coldfusion 11 CFIDE lock down

Hi Joel,

Is this what you're after?

http://www.adobe.com/go/cf11-lockdown-guide

Regards
Andrew

On Mon, 23 Feb 2015 7:38 pm Joel Nath joel.n...@gmail.com wrote:

Hi Guys

Was looking for suggestions on locking down CFIDE on CF ENT 11?

What folder/files are required to be publicly accessible under CFIDE in CF 11?

Based on past experience, we set up a copy of the CFIDE in a diff location and only keep files/folders that are required for general use by websites for cfforms etc.

Does anyone have an updated list of files/folders that are required for general use?

I had a link to a security document for CF 10 (I think from Adobe), it's gone MIA.

Any suggestion/tips welcome

regards
Joel