ColdFusion 10 Lockdown Guide

This post is more than 2 years old.

Just a quick note to let folks know that the ColdFusion 10 Lockdown Guide (a step-by-step walkthrough of how you can secure your ColdFusion 10 install) has been released. You may find it here: PDF

About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos.

Lafayette, LA https://www.raymondcamden.com

Archived Comments

Comment 1 by Steve posted on 11/28/2012 at 8:20 PM

Very timely! Just got a new server the other day and plan on putting CF10 on it and then migrating our site from its current CF8 server.

Comment 2 by David McGuigan posted on 12/22/2012 at 10:32 AM

Awesome. Implementing shortly. Thanks.

Comment 3 by Jim posted on 5/16/2013 at 6:36 PM

Are there errors in the lockdown guide?

1) It says to create the cfadmin directory, but then it doesn't say anything about copying anything to it. Are you supposed to copy what's under the ColdFusion cfusion\wwwroot to your new cfadmin folder? If you do, will the updates then fail since it does not know where the actual CFIDE is, or do you have to copy it over again after each update?

2) Moving the CFIDE appears to break the updates, the accordions are gone and when I click on "Download" nothing happens though the rest of the administrator appears to work.

Any help appreciated.

Comment 4 by Jim posted on 5/16/2013 at 7:39 PM

I figured out part of my problem. I had to include a cf-scripts virtual directory in the cfadmin web site pointing to the scripts folder. That fixes the accordion/download issue.

But the other issue is that now the updater does not know where CFIDE is, does it? You set where the scripts directory is, but not the CFIDE. Do you have to copy it over after every update?

Comment 5 by Raymond Camden posted on 5/16/2013 at 9:24 PM

Jim, I'd reach out to Pete Freitag at Foundeo. He is the author of the document.