Skip to main content
Inspiring
November 11, 2006
Question

Security, Security, Security

  • November 11, 2006
  • 3 replies
  • 707 views
I run a half dozen, generic Coldfusion/MS Access dynamic websites for clients that contract with me. I used CFmx advanced, shared plan servers at CT. I have recently become more concerned with the level of security that I am protecting thier data with.

Can anyone summarize, or share with me, the various methods that use to safegaurd website information. These might include safegaurding the database directory (which is below root), protecting the databse files, the datasource, etc.

I sure would appreciate assembling the best ideas from everyone, and this post might serve to educate a lot of other people on shared servers also in the future.

Stephen
Tallahassee, FL
    This topic has been closed for replies.

    3 replies

    Participant
    May 10, 2013

    I need the kind of help you provide I think? I need resources to run check on my computer before I alow things to migrate to other equipment.

    November 13, 2006
    1. Store Access databases outside of web root.
    2. Run CF not as Local Account but as a specific user ( http://www.adobe.com/devnet/coldfusion/articles/cf7_security_04.html)
    3. Change CF Admin password frequently and make it as complicated as possible.
    4. Check your code against SQL Injection attacks. Good article by ben Forta on this http://coldfusion.sys-con.com/read/165921.htm
    5. Go to ColdFusion Security Center, there are bunch of articles out there on Security issues. One other I would recommend is http://www.adobe.com/devnet/security/articles/topten_tips.html
    6. Make sure that your FTP users passwords are secured. Also if you use RDC or Terminal Services, make sure that you restrict IPs that can connect to the servers.

    And last but definately not least - do not use MS Access in production!
    Participant
    May 10, 2013

    How can you explain a way to do a simple search given suspcious script. I am dyslexic and I would feel better if I knew that joining the creative cloud did not compromise the security.  I appreciate this forum I get lost in the terminology and find this overwelming. I need clear instructions all I want to do is have some credibility with this concern and somehow screen shots has weird keys to hit what does suspicious script look like? I don't need to read volumes there must be an ap a program a search.  I think I may have messed up my server connections already. I appreciate all the help I can get. Pictures are good just act like you helping a grandma with limited comprehension who wants to get creative and stop fiddling under the hood. I need basics like is adobe from microsoft and compatable with my mac mini. or like have I inadvertantly downloaded creative suite more than once.

    November 11, 2006
    Sure Stephen,
    This is the very best method I can recommend :

    1. Open your browser
    2. Search for "Security, coldfusion, database..." on google, adobe forum...
    3. Read, implement and test anything you can

    Everybody here will for sure appreciate if you can post a detailled resume of your work.
    Thanks in advance for your contribution.

    Chris
    sbsmithflAuthor
    Inspiring
    November 12, 2006
    ???????