What do I need to do to tighten down a ColdFusion server for internet-facing apps? The only thing that specifically came to mind was to restrict the CFIDE and JRunScripts directories to a local subnet.
Are there settings in the administrator I can tweak to make the applications more secure?
- Make sure you turn off debugging for production environments
- Have a site-wide error handler to mask any unhandled errors; otherwise the ugly grey box error message from CF will display, which could contain information about your server setup
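
A sketch of the site-wide error handler from the list above, as an added example that is not part of the original answer: a CFML template to register under the Site-wide Error Handler setting in the ColdFusion Administrator. It assumes ColdFusion exposes the failure to this template in an `error` structure with `template` and `message` keys; the log file name `sitewide_errors` is hypothetical.

```cfml
<!--- Added example: template to register as the Site-wide Error Handler. --->
<cfsilent>
    <!--- Reference id shown to the visitor and written to the log so the two can be matched. --->
    <cfset errorId = createUUID()>
    <cfset errTemplate = "">
    <cfset errMessage = "">
    <cftry>
        <!--- Assumption: the failure is exposed in an "error" structure; guard each key in case it is absent. --->
        <cfif isDefined("error.template")><cfset errTemplate = error.template></cfif>
        <cfif isDefined("error.message")><cfset errMessage = error.message></cfif>
        <!--- Strip control characters so request-derived text cannot forge extra log lines. --->
        <cfset errTemplate = reReplace(errTemplate, "[[:cntrl:]]", " ", "all")>
        <cfset errMessage = reReplace(errMessage, "[[:cntrl:]]", " ", "all")>
        <!--- Full detail stays server-side; "sitewide_errors" is a hypothetical log file name. --->
        <cflog file="sitewide_errors" type="error"
               text="id=#errorId# template=#errTemplate# message=#errMessage#">
        <cfcatch type="any">
            <!--- Swallow failures here so the handler itself never exposes error detail. --->
        </cfcatch>
    </cftry>
</cfsilent>
<!--- Discard any partial output from the failed page, which may already contain detail. --->
<cfcontent reset="true" type="text/html; charset=utf-8">
<cfheader statuscode="500" statustext="Internal Server Error">
<!DOCTYPE html>
<html>
<head><title>Something went wrong</title></head>
<body>
    <h1>Something went wrong</h1>
    <p>The problem has been logged. If you contact support, quote this reference:</p>
    <p><cfoutput>#errorId#</cfoutput></p>
</body>
</html>
```

The visitor sees only the reference id, while the template path and exception message go to the server log.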