I use IIS / Apache to deny permission. While you're at it, you should probably deny remote access to /views, /model, /controller, etc.. Only allow public access to resources that are meant for it (images, css, js and index.cfm, etc).
HTH Dominic 2009/12/18 Chad Gray <cg...@careyweb.com> > > What keeps someone from loading up the model-glue XML file through their > browser? > > How should you protect it? > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329249 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
