Skip to main content
G
Genos_Free
Participating Frequently
December 11, 2009
Question

Security.....

  • December 11, 2009
  • 3 replies
  • 366 views

I Know we should all know this but I will throw this out anyway.

I have been working in the LAN environment for over 10 years and I know that is not an excuse so before you guys blast me I pleed the dummy clause because I am.  🙂

If I have a website in the cloud that is hosed on an IIS webserver and CF 7+  where and how do I deal with the administrative login page so it is NOT available to the world so they can use a password hacker tool to get access to the administrative console?

This is easy I am sure and this is a noob question but again I pleed the 5th here.

Thanks in advance.

    This topic has been closed for replies.

    3 replies

    T
    TLC-IT
    Inspiring
    December 14, 2009

    These are very good suggestions.

    Also:  the CF8 server should be running from a fairly-restricted user-id; one that has been set aside just for this purpose.  File access, especially download targets, should be limited so that, even if the CF8 server has "temporarily been taken over by the evil Borg," the operating-system will not permit it to do anything that it "should" not do.  Ditto the database-server.

    "The mere fact that it is the ColdFusion server is issuing the request does not mean that the request should be honored.  (It could well have been "assimilated..." )

    The so-called principle of least privilege should be used throughout any public-facing application.  The computer is wonderful at enforcing rules.  But you must take care to place those boundaries just as close as you can.

    G
    Genos_FreeAuthor
    Participating Frequently
    December 11, 2009

    I was googling this and ran into this site.

    This was outstanding security infomation.

    http://blog.crankybit.com/notes-coldfusion-8-application-security/

    A
    Anonymous
    December 11, 2009

    You can limit it by IP restriction in IIS. Right-click on your website/cfide folder in IIS, Directory Security, IP address and domain name restrictions - edit, Add the IP's you want to allow into the cfide folder.Give that a shot, works for me.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices