Ask a Jedi: Password protecting CFIDE

Andy asks:

What directories under CFIDE should be blocked/protected from public access on a public ColdFusion server? Is only preventing access to CFIDE/administrator good enough? How about CFIDE/adminapi? Any others that should be blocked? I tried searching the Adobe website, but I could only turn up a note regarding ColdFusion 4 and 4.5!

I’m pretty surprised by the fact that this hasn’t been updated lately. I took a quick look at Livedocs, but didn’t see anything that related to this.

I haven’t done this myself in a while (I admit it - I’m lazy), but I’d think you would want to lock down these subfolders:

administrator
adminapi
classes (no need for folks to browse it)
componentutils

So I’m with you on administrator and adminapi. I mention classes and componentutils because there is no need for them to be visible anyway. But you can probably get away with just locking down the first two.
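One way to apply the lockdown described above, as an added example that is not part of the original post. It assumes Apache httpd 2.4 sits in front of ColdFusion; the password file path and realm name are placeholders.

```apache
# Added example: Apache httpd 2.4 syntax (the web server is an assumption).
# (?i) makes the match case-insensitive, so /cfide/Administrator is covered too.

# Password-protect the two admin entry points.
# Basic auth sends credentials with every request, so serve these paths over HTTPS.
<LocationMatch "(?i)^/CFIDE/(administrator|adminapi)(/|$)">
    AuthType Basic
    AuthName "CFIDE restricted"
    # Placeholder path; create the file with: htpasswd -c <file> <user>
    AuthUserFile "/path/to/cfide.htpasswd"
    Require valid-user
</LocationMatch>

# Nothing needs to browse these two over HTTP, so refuse every request.
<LocationMatch "(?i)^/CFIDE/(classes|componentutils)(/|$)">
    Require all denied
</LocationMatch>
```

After reloading the server, an unauthenticated request to /CFIDE/administrator/ should return 401 and a request to /CFIDE/classes/ should return 403.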

Any comments on this?

About Raymond Camden

Raymond is a developer advocate. He focuses on JavaScript, serverless and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support.

Lafayette, LA https://www.raymondcamden.com
