> Most of those ideas apply, I believe, but our server is a Unix system > with Apache so if nothing else no IUSR account.
Use .htaccess to secure the admninistrator folder. Alternatively, I have two copies of the CFIDE folder-- one with ALL the sub-folders that is ONLY mapped to my internal default site and cannot be accessed by anyone outside my network. And a second CFIDE folder where I have deleted the adminapi, administrator, componentutils, and wizards folders that I map to my external-facing sites. ~Brad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329588 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4