What directories under CFIDE should be blocked/protected from public access on a public ColdFusion server? Is only preventing access to CFIDE/administrator good enough? How about CFIDE/adminapi? Any others that should be blocked? I tried searching the Adobe website, but I could only turn up a note regarding ColdFusion 4 and 4.5!
I’m pretty surprised by the fact that this hasn’t been updated lately. I took a quick look at Livedocs, but didn’t see anything that related to this.
I haven’t done this myself in a while (I admit it - I’m lazy), but I’d think you would want to lock down these subfolders:
classes (no need for folks to browse it)
So I’m with you on administrator and adminapi. I mention classes and componentutils because there is no need for them to be visible anyway. But you can probablyg et away with just locking down the first two.
Any comments on this?