Thanks Andrew, Charlie
I will go read the doc and if I have any further questions will reply back.
regards
Joel
On Tue, Feb 24, 2015 at 9:01 AM, Charlie Arehart charlie_li...@carehart.org
wrote:
Or the CF10 one, still at:
http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf
BTW, Joel, do be very careful about how you “we setup a copy of the CFIDE
in a diff location and only keep files/folders that are required for
general use by websites for cfforms etc..”. There’s a grave risk that an
update to CF would update the “official folders” and you may not think to
“copy again” the files to the “different location”.
Far better is for you to create a virtual directory (in IIS or Apache) and
point that to the “real” CFIDE/scripts, and then put that VD into the CF
Admin’s Settings page, as the “default scriptsrc directory” (but do
remember to do that for ALL sites, including any sites that really do still
serve the full CF Admin).
Both points are discussed in the lockdown guide itself. BTW, you may want
to consider looking at the CF11 one, as Pete took some feedback and tweaked
the guide to deal with some common challenges people were having in working
through it (see mention of this in Appendix section a.13, though it doesn’t
detail all the changes). Those were not rolled back into the 10 guide.
HTH.
/charlie
*From:* cfaussie@googlegroups.com [mailto:cfaussie@googlegroups.com] *On
Behalf Of *Andrew Myers
*Sent:* Monday, February 23, 2015 4:46 AM
*To:* cfaussie@googlegroups.com
*Subject:* Re: [cfaussie] Coldfusion 11 CFIDE lock down
Hi Joel,
Is this what you're after?
http://www.adobe.com/go/cf11-lockdown-guide
Regards
Andrew
On Mon, 23 Feb 2015 7:38 pm Joel Nath joel.n...@gmail.com wrote:
Hi Guys
Was looking for suggestions on locking down CFIDE on CF ENT 11?
What folders/files are required to be publicly accessible under CFIDE in CF 11?
Based on past experience, we setup a copy of the CFIDE in a diff location
and only keep files/folders that are required for general use by websites
for cfforms etc..
Does anyone have an updated list of files/folders that are required for
general use?
I had a link to a security document for CF 10 (I think from Adobe), it's
gone MIA
Any suggestions/tips welcome
regards
Joel
--
You received this message because you are subscribed to the Google Groups
cfaussie group.
To unsubscribe from this group and stop receiving emails from it, send an
email to cfaussie+unsubscr...@googlegroups.com.
To post to this group, send email to cfaussie@googlegroups.com.
Visit this group at http://groups.google.com/group/cfaussie.
For more options, visit https://groups.google.com/d/optout.
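The virtual-directory approach Charlie describes above, sketched for Apache 2.4 as an added example (not taken from the thread or from the lockdown guide). The install path, the alias name `/cfscripts`, the host name and the document root are assumptions, as is the choice to deny `/CFIDE` on the public site.

```apache
# Added example: paths and names below are assumptions, not from the thread.
#
# Approach being avoided: copying CFIDE/scripts to another folder and serving
# the copy. A CF update rewrites the official folder and the copy goes stale.
#
# Approach shown: a server-level alias that points at the "real" scripts
# folder. Server-level mod_alias directives are inherited by every virtual
# host, so the same URL also resolves on a site that still serves the full
# CF Admin.
Alias /cfscripts "C:/ColdFusion11/cfusion/wwwroot/CFIDE/scripts"

<Directory "C:/ColdFusion11/cfusion/wwwroot/CFIDE/scripts">
    Options None
    AllowOverride None
    Require all granted
</Directory>

# A public-facing site (hypothetical host and document root).
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "C:/sites/example"

    # Nothing under /CFIDE is reachable here; the script files that
    # cfform and similar tags need are requested through /cfscripts instead.
    <LocationMatch "(?i)^/CFIDE(/|$)">
        Require all denied
    </LocationMatch>
</VirtualHost>
```

With this in place, `/cfscripts/` is the value to enter as the default scriptsrc directory on the CF Admin's Settings page. Because the alias resolves to the folder CF itself updates, no re-copy step is needed after a CF update.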