1

I've installed Railo 3.2.1.000 final, what worries me is that I can view the contents of the C:\ even though the web-context is located in d:\sites\mysite.com\

Can each website be restricted to ONLY it's files?

1 Answers1

1

In the Server Adminstrator, under Security > Access > CFML Environment, set File Access to 'local' so that each web context can only access files within its own web root.

The default is 'all' to allow for applications that access files via mappings that are outside the web root, which is fairly common for CFML applications.