Securing the CF administrator

Ask a Question related to Coldfusion Server Administration, Design and Development.

  1. tsongas #1

    Default Securing the CF administrator

    I'm looking for a way to better secure the CF administrator, which comes up at
    [url]http://www.domain.com/cfide/administrator/index.cfm[/url] because of the CFIDE
    virtual directory used for javascript includes. On shared servers, it is not
    practical for me to set permissions inside each site in IIS. I'd like to
    remove IUSER file system permissions from the CF administrator folder, so a
    Windows username and password is required to get to the CF admin login, but
    will that interfere with other sites on the server in any way?


    tsongas Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. Securing web service
      Hi How can I make sure that no one else can call and receive data from my web methods? Thanks Regards
    2. Securing a directory
      Hi everyone, I just read an article that said that when you use a web.config file to secure a directory, all it can do is secure the asp.net...
    3. Securing MDBs
      I've got a webserver, IIS6, and an ASP application running on that server. The ASP validates users by their logon name so for this particular...
    4. Securing Images
      yes, put the images you use in your login page in a different directorty that doesn't require authentication. bye! "Neil"...
    5. securing data in asp.net
      Hi everyone, I am new to asp.net development, and need help on security, I am developing a web application that would be accessed from the...
  2. ke4pym #2

    Default Re: Securing the CF administrator

    You've got a couple of options.

    Set NTFS permissions on /cfide/administrator and below to a group of
    administrators. Day-to-day operation doesn't need anything in that directory.

    Completely delete /cfide/administrator and move it to a new folder. Say
    d:\inetpub\cfadmin\administrator. Then create a new virtual directory on a new
    "administrative" web site called CFIDE and lock that down with NTFS privs
    and/or IP restrictions.


    ke4pym Guest
    Reply With Quote Reply With Quote
  3. tsongas #3

    Default Re: Securing the CF administrator

    Thanks for the reply.

    Are there other directories inside CFIDE I should worry about i.e. adminapi, componentutils, etc.?
    tsongas Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139