> -----Original Message-----
> From: Tony Hicks [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 14, 2006 1:10 PM
> To: CF-Talk
> Subject: CFC Security Flaw
> 
> I'm having a problem right now...
> 
> I've set up a subdomain for an API for functions of my site.
> api.domain.com.
> 
> The web service url is something like
> api.domain.com\folder\functions.cfc?wsdl

Since you appear to have control over the server I highly recommend that you
protect the CFAdmin folder using operating-system-level protection as well.

That way you'll still get errors in this case (it's okay to give errors when
somebody does something they're not supposed to) but you'll get a stronger
OS-level security on the folder.

You should also be able to mask the folder to specific IP addresses only
(many people restrict it to local console access only) and so forth.

Remember: the CF Admin is just a web application - you should protect it
like you would any other one with those kinds of capabilities.

Jim Davis


