Just a quick note to let folks know that the ColdFusion 10 Lockdown Guide (a step by step walkthrough and how you can secure your ColdFusion 10 install) has been released. You may find it here: PDF
(This post is more than 2 years old.)
ColdFusion 10 Lockdown Guide
Support this Content!
If you like this content, please consider supporting me. You can become a Patron, visit my Amazon wishlist, or buy me a coffee! Any support helps!
Want to get a copy of every new post? Use the form below to sign up for my newsletter.
Archived Comments
Very timely! Just got a new server the other day and plan on putting CF10 on it and then migrate our site from it's current CF8 server.
Awesome. Implementing shortly. Thanks.
Are there errors in the lockdown guide?
1) It says to create the cfadmin directory, but then it doesn't say anything about copying anything to it. Are you supposed to copy what's under the Coldfusion cfusion\wwwroot to your new cfadmin folder? If you do, will the updates then fail since it does not know where the actual CFIDE is or do you have to copy it over again after each update.
2) Moving the CFIDE appears to break the updates, the accordions are gone and when I click on "Download" nothing happens though the rest of the administrator appears to work.
Any help appreciated.
I figured out part of my problem. I had to include a cf-scripts virtual directory in the cfadmin web site pointing to the scripts folder. That fixes the accordion/download issue.
But the other issue is that now the updater does not know where CFIDE is, does it? You set where the scripts directory is, but not the CFIDE. Do you have to copy it over after every update?
Jim, I'd reach out to Pete Freitag at Foundeo. He is the author of the document.