Hi Lee,

As I recall, the OpenBD Admin project was a separate labor of love headed up by Matt Woodward, who I met at a CFOPEN conference in Texas many years ago. Much like the ACF Admin tools, the project's purpose was simply to help craft the /WEB-INF/bluedragon/bluedragon.xml file and some of the JDBC connection strings by way of a GUI. But once that work has been done, the folders /adminapi and /administrator could probably be entirely removed from the project in production without consequence.

The one security issue I'm aware of is that the /adminapi folder could be browsed or accessed from the public without being logged in (foundeo.com/hack-my-cf/). While I have been able to reproduce the former in a test environment, I haven't been able to do either on our production system. I get 403 Forbidden, although I'm not a professional hack.

Al Holden

On 11/11/2016 12:15 PM, Lee Fortnam wrote:
Re: [OpenBD] Securing OpenBD in a production environment
'Alan Holden' via Open BlueDragon Fri, 11 Nov 2016 19:54:33 -0800
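Where the /administrator and /adminapi folders have to stay on disk, one way to get the 403 Forbidden response described in the message above is a deny-all constraint in the servlet deployment descriptor. This is an added example, not part of the original thread and not OpenBD's shipped configuration; it assumes the application is deployed with a standard WEB-INF/web.xml and that both folders sit directly under the context root.

```xml
<!-- Added example: place inside the existing <web-app> element of WEB-INF/web.xml. -->
<!-- Assumption: the admin GUI and its API are served from /administrator and /adminapi. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>OpenBD admin tooling</web-resource-name>
    <!-- Cover each folder and everything beneath it. -->
    <url-pattern>/administrator/*</url-pattern>
    <url-pattern>/adminapi/*</url-pattern>
    <!-- No http-method elements: the constraint applies to every HTTP method. -->
  </web-resource-collection>
  <!-- An auth-constraint with no role-name entries permits no role at all, -->
  <!-- so the container refuses every request to these paths. -->
  <auth-constraint/>
</security-constraint>
```

This also blocks legitimate use of the admin GUI, so it suits production instances whose bluedragon.xml is already final; remove the constraint on a non-public instance when the settings need to change.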
