ColdFusion 7.x Administrator Security Tips

The first article I have lying around is a basic concept of locking down the ColdFusion Administrator. This is probably a draft version of a living document, so feel free to shoot me any comments or tips of your own to add!

FYI: it assumes you are using ColdFusion 7.x on IIS 5 or 6. The bulk of my experience lies there, so if you have another configuration, please enlighten me!

Comments
How come only shared hosts you would remove passwords?
# Posted By Mark W | 12/19/06 2:11 PM
If you're on a shared host there is a chance someone could exploit your datasource from the same host. If your host uses Sandbox Security it's likely not an issue. If you put the u/n and password directly in the code pages for your mail you move the issue to a physical security breach, which is likely outside the scope of a developer's job (usually!).

It's kind of passing the buck I guess, but that's like 20% of IT, proving it wasn't your quadrant causing the problem :P
# Posted By DK | 12/19/06 2:16 PM