
CFIDE directory

Dec 27, 2013 12:28 PM

I have been a ColdFusion user since version 3 (building web sites with CFML).

I do not know anything about the ColdFusion product itself.

I am now wondering why new tags need to access the CFIDE directory, which is the CF administrator directory?

I feel that engine and administration have been mixed up in same directory.

Is there a reason?

I am thinking about the last CF vulnerability and hacking, and am afraid this mix-up increases the vulnerability?

My question may be totally out, as I do not know about CF product architecture.

Thanks for any clarification.

Pierre.

 
Replies
  • Dec 27, 2013 1:37 PM   in reply to plarts

    You should not have a publicly accessible CFIDE directory.  It is highly recommended to not only add request filtering to prevent people from getting to these restricted areas, but to add IP address restrictions as well.

    All ColdFusion needs to operate is the jakarta virtual directory, since it provides access to the needed isapi_rewrite.dll file.

    If you are using tags which need to access CF's scripts directory, it is highly recommended that you utilize a virtual directory like 'cf-scripts' and then set up in the CF Admin the use of that virtual directory rather than /CFIDE/scripts.

    If you get a moment, I'd look over the principles put forth in the ColdFusion 10 Server Lockdown Guide and make sure your application adheres to those best practices.

     
  • Dec 29, 2013 5:28 AM   in reply to plarts

    CFIDE is where the scripts for JavaScript libraries and Java applets are stored.

    The best suggestion is to not use any of the built-in UI tags which require CFIDE. If you have been developing since CF3, then you should be well beyond this anyway and using jQuery et al.

    As suggested, read the lockdown guide if you host your own server. If you are using shared hosting, then your host should take care of the security.

    Here is a simpler lockdown guide: http://www.michaels.me.uk/post.cfm/securing-your-coldfusionmx-installation-on-windows

     
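
One way to confirm that the request filtering and IP restrictions recommended in the first reply are actually in effect, as an added example that is not part of the original thread: scan the web server's access log for CFIDE requests that were served to clients outside the admin networks. Assumptions: IIS W3C extended logs with a `#Fields:` header; the `ADMIN_NETS` ranges, the function name and the sample log lines are constructed for illustration.

```python
import ipaddress

# Assumption: only these networks may reach /CFIDE (adjust to your admin hosts).
ADMIN_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2013-12-27 12:01:10 10.0.0.5 GET /CFIDE/administrator/index.cfm 200
2013-12-27 12:02:44 203.0.113.9 GET /CFIDE/administrator/index.cfm 404
2013-12-27 12:03:02 203.0.113.9 GET /cfide/scripts/cfform.js 200
2013-12-27 12:03:05 203.0.113.9 GET /cf-scripts/cfform.js 200
2013-12-27 12:04:31 198.51.100.7 GET /CFIDE/administrator/index.cfm 302
"""

def exposed_cfide_hits(log_text, admin_nets=ADMIN_NETS):
    """Return (ip, uri, status) for CFIDE requests that were served
    (status < 400) to a client outside the admin networks."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        try:
            ip = ipaddress.ip_address(row["c-ip"])
            uri = row["cs-uri-stem"]
            status = int(row["sc-status"])
        except (KeyError, ValueError):
            continue                       # malformed or truncated row
        path = uri.lower()                 # IIS paths are case-insensitive
        if not (path == "/cfide" or path.startswith("/cfide/")):
            continue                       # e.g. /cf-scripts/ is meant to be public
        if any(ip in net for net in admin_nets):
            continue                       # allowed admin client
        if status < 400:                   # not blocked by the filter or IP rule
            hits.append((str(ip), uri, status))
    return hits

if __name__ == "__main__":
    for ip, uri, status in exposed_cfide_hits(SAMPLE_LOG):
        print(f"EXPOSED {status} {ip} {uri}")
```

An empty result over a representative log window is what a locked-down server should produce; any hit means a CFIDE path is still being served to an outside client.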
