Twitter: raymondcamden


Address: Lafayette, LA, USA

ColdFusion 10 Lockdown Guide

11-28-2012 3,528 views ColdFusion 5 Comments

Just a quick note to let folks know that the ColdFusion 10 Lockdown Guide (a step by step walkthrough and how you can secure your ColdFusion 10 install) has been released. You may find it here: PDF

5 Comments

  • Commented on 11-28-2012 at 9:20 AM
    Very timely! Just got a new server the other day and plan on putting CF10 on it and then migrate our site from it's current CF8 server.
  • David McGuigan #
    Commented on 12-21-2012 at 11:32 PM
    Awesome. Implementing shortly. Thanks.
  • Jim #
    Commented on 05-16-2013 at 9:36 AM
    Are there errors in the lockdown guide?

    1) It says to create the cfadmin directory, but then it doesn't say anything about copying anything to it. Are you supposed to copy what's under the Coldfusion cfusion\wwwroot to your new cfadmin folder? If you do, will the updates then fail since it does not know where the actual CFIDE is or do you have to copy it over again after each update.

    2) Moving the CFIDE appears to break the updates, the accordions are gone and when I click on "Download" nothing happens though the rest of the administrator appears to work.

    Any help appreciated.
  • Jim #
    Commented on 05-16-2013 at 10:39 AM
    I figured out part of my problem. I had to include a cf-scripts virtual directory in the cfadmin web site pointing to the scripts folder. That fixes the accordion/download issue.

    But the other issue is that now the updater does not know where CFIDE is, does it? You set where the scripts directory is, but not the CFIDE. Do you have to copy it over after every update?
  • Commented on 05-16-2013 at 12:24 PM
    Jim, I'd reach out to Pete Freitag at Foundeo. He is the author of the document.

Post Reply

Please refrain from posting large blocks of code as a comment. Use Pastebin or Gists instead. Text wrapped in asterisks (*) will be bold and text wrapped in underscores (_) will be italicized.

Leave this field empty