On Tuesday 11 Mar 2003 09:45 am, Shahzad.Butt wrote: > Does someone know how to lock down Coldfusion Server? Idea is that we > are going to be on internet through https. Now we need to secure our > server. We'd already locked down IIS etc, only bit left is to secure > Coldfusion Server. What sort of vulnerabilities we can have through our > CFMX server.
Uninstall the example apps and doc's (cfdocs dir). Limit acces to the CFIDE/administrator dir (CFIDE needs to be world accesable if using cfform). Set at least on deduging IP (127.0.0.1 is good), and ensure debugging is off. Never read the logs via the administrator. -- Tom C "Land of the free, home of the brave... you have to be brave to live there and enjoy the freedoms" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
