> Someone should probably make an official "checklist"
> to run through when you setup a CF server.
How about these additions to said checklist:
In addition to removing the .htr mapping, also remove the mappings for any
other extensions that you won't be using on that server.
Like:
htw -- unless you're using the WebHits highligher
ida, idq, htr, idc -- unless you're using old-style Index Server access
asp, cer, cdx, asa -- unless you're also hosting ASP apps on that server
shtm, shtml, stm -- unless you're using Server Side Include files
printer -- WTF is this and why did IIS install it for Win2k?
You could probably also yank the dbm extension unless you have REALLY old CF
code lying around.
Basically your goal is to DISABLE any functionality of your server that
you're not currently using. The less junk you have running on the server,
the less chance someone will find a bug in part of the server you didn't
even know was there.
Granted, there's a fine and arcane art to disabling just the right things
without breaking any part of your server. You'd be best to play on a
production server that you can afford to trash & reinstall a few times if
need be. Certainly, though, deleting extensions for file types not used in
your sites (or your customer's sites for webhosts) is completely safe and a
good idea in general.
Best regards,
Zac Bedell
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
