> What should we do to allow CFChart to function without opening a > security hole?
What we do is this. 1. Duplicate the CFIDE directory in full. 2. In the duplicate, remove the administration folders altogether. 3. In all but the CFAdmin site itself on the server (which should really not be accessible over the web), map the CFIDE to the version that no longer contains the admin folder. This stops no end of possible security threats before they can start and if this had been implemented on your server would probably have stopped the hack from being successful. Paul ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354287 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm