Yes, I'm sure I'm doing quite a few things wrong when it comes
to the server.  I don't have any formal education in any of this,
just figuring it out as I go.  Between help from others, like yourself,
and what material I find to read, I'm able to figure most things out,
but I haven't found much that gives me a step-by-step on configuring
Windows 2000 Server.

I'll contact you off-list and definitely accept your help!

Thanks for your help and insight so far.

Rick


    >  -----Original Message-----
    >  From: samcfug [mailto:[EMAIL PROTECTED]
    >  Sent: Sunday, March 16, 2003 1:32 AM
    >  To: CF-Talk
    >  Subject: Re: OT Domain registration
    >
    >
    >  ----- Original Message -----
    >  From: <[EMAIL PROTECTED]>
    >  To: "CF-Talk" <[EMAIL PROTECTED]>
    >  Sent: Saturday, March 15, 2003 11:30 PM
    >  Subject: Re: OT Domain registration
    >
    >
    >  | After looking at the URL, GoDaddy is hosting the domain and simply
    >  | putting up a frame src with whatever you type in apparently.
    >  |
    >  | <html><head><title>www.BodafordHomes.com</title></head>
    >  | <frameset rows="100%,*" border="0">
    >  | <frame src="http://66.79.46.138/cfdocs/rea/index.cfm";
    >  frameborder="0">
    >  | <frame frameborder="0" noresize>
    >  | </frameset>
    >  | </html>
    >  |
    >
    >  Actually by using this method of domain masking, you have
    >  created a big security
    >  hole on your server.
    >  For example:
    >  http://66.79.46.138/cfdocs/eal/index.cfm   gets you to your
    >  "bodafordHomes"
    >  index page.
    >
    >  If you trim the URL back a little to say,
http://66.79.46.138/cfdocs   You are
giving public access to your CF docs directory, your CF Administrator and
your
CF sample applications, which really have no business on a web server.

If you trim back a little further to http://66.79.46.138  then you get the
default web site of GoLiberty online.
( which is a really nice site too!)

The next consideration is if you ever want to provide your clients with a
statistics report, you will not be able to, except for the default web site,
and
it will include all the sub-directories under it making it inaccurate.

By setting up each of the sites as virtual sites, you can turn off your
default
web site, except for the short periods of time when you need to access CF
administrator to change something or add an ODBC connection, etc. and then
turn
it off.  An alternative would be to place a JavaScript redirect which sends
the
visitor to your own personal web site, which can also be a virtual site.
This
puts a small road block in the path of the intruders.  You will also
facilitate
the search engines efforts in indexing your sites.  ColdFusion will continue
to
work just fine with virtual web sites too. (assuming CF 5.0 or earlier.)
CFMX
is another animal altogether.




=====================================
Douglas White
group Manager
mailto:[EMAIL PROTECTED]
http://www.samcfug.org
=====================================


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com

                                Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
                                

Reply via email to