You should not have a publiclly accessible CFIDE directory. It is highly recommended to not only add request filtering to prevent people from getting to these restricted areas, but to add IP address restrictions as well.
All ColdFusion needs to operate is the jakarta virtual directory, since it provides access to the needed isapi_rewrite.dll file.
If you are using tags which need to access CF's scripts directory, it is highly recommended that you utilize a virtual directory like 'cf-scripts' and then setup in the CF Admin the use of that virtual directory rather than /CFIDE/scripts.
If you get a moment, I'd look over the principles put forth in the ColdFusion 10 Server Lockdown Guide and make sure your application adheres to those best practices.
I am not enough knowledgeable with these practices,
I do not understand how to do that things.
Then, I just put a "cfabort" in the application.cfm of the CFIDE. (keeping original one).
and I do not use the tags needing the CFIDE.
A shame, but I cannot do else. (a degrade ColdFusion).
I am just a CFML writer.
Thanks for your answer anyway, but I did not have answer to my question,
mix engine-admin in CFIDE, why ?
the best suggestion is to not use any of the built in ui tags which require cfide, if you have been devleoping since cf3 then you should be well beyond this anyway and using JQuery et al.
as suggested read the lock down guide if you host your own server. If you are using shared hosting then your host should take care of the security.
Here is a simpler lock down guide: http://www.michaels.me.uk/post.cfm/securing-your-coldfusionmx-installation-on-windows
I use my own server. So I can do there what I want.
I did the following : see answer in the previous thread :