Well... if your code is crap the application log can be pretty dang big <g>.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 9:03 AM To: CF-Talk Subject: RE: Lockdown CFMX ">Never read the logs via the administrator." ????? I never heard this one before. Why not? Doug >-----Original Message----- >From: Thomas Chiverton [mailto:[EMAIL PROTECTED] >Sent: Tuesday, March 11, 2003 9:41 AM >To: CF-Talk >Subject: Re: Lockdown CFMX > > >On Tuesday 11 Mar 2003 09:45 am, Shahzad.Butt wrote: >> Does someone know how to lock down Coldfusion Server? Idea is that we >> are going to be on internet through https. Now we need to secure our >> server. We'd already locked down IIS etc, only bit left is to secure >> Coldfusion Server. What sort of vulnerabilities we can have >through our >> CFMX server. > >Uninstall the example apps and doc's (cfdocs dir). >Limit acces to the CFIDE/administrator dir (CFIDE needs to be >world accesable >if using cfform). >Set at least on deduging IP (127.0.0.1 is good), and ensure >debugging is off. > >-- >Tom C >"Land of the free, home of the brave... you have to be brave >to live there and >enjoy the freedoms" > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
