Last updated 2/21/2012
Chapter 7: Administering Security
You can secure many Adobe ColdFusion resources using password authentication and configure sandbox security.
About ColdFusion security
Security is especially important in web-based applications, such as those you develop in ColdFusion. ColdFusion
developers and administrators must fully understand the security risks that could affect their development and
runtime environments so they can enable and restrict access appropriately.
You can implement development security by requiring a password to use the ColdFusion Administrator and a
password for Remote Development Services (RDS), which allows developers to develop CFML pages remotely. You
implement runtime security in your CFML pages and in the ColdFusion Administrator. ColdFusion has the following
runtime security categories:
User security: Programmatically determine the logged-in user and allow or disallow restricted functionality based on
the roles assigned to that user. For more information about user security, see ColdFusion security features in Securing
Applications in the Developing ColdFusion Applications.
Sandbox security: Using the ColdFusion Administrator, define the actions and resources that the ColdFusion pages in
and below a specified directory can use.
Note: If you have the Enterprise Edition of ColdFusion, you can configure multiple security sandboxes. If you have the
Standard Edition of ColdFusion, you can only configure a single security sandbox.
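The user security category above, as an added CFML example that is not from this Adobe guide: it assumes a constructed in-page user store (the names, password hashes and roles are made up) and uses the cflogin, cfloginuser, cflogout, IsUserInRole and GetAuthUser features to determine the logged-in user and to refuse a function to anyone outside the admin role.

```cfml
<!--- Added example, not from the Adobe guide: constructed user store with hashed
      passwords and roles; a real application would query a data source instead. --->
<cfapplication name="roleDemo" sessionmanagement="yes" loginstorage="session">
<cfset users = {
    "alice" = { pwhash = Hash("correct horse", "SHA-256"), roles = "editor,admin" },
    "bob"   = { pwhash = Hash("battery staple", "SHA-256"), roles = "editor" }
}>

<!--- Explicit logout ends the login before cflogin runs again --->
<cfif IsDefined("form.logout")>
    <cflogout>
</cfif>

<!--- The cflogin body runs only while no user is logged in --->
<cflogin>
    <cfif IsDefined("cflogin")
          AND StructKeyExists(users, cflogin.name)
          AND Compare(users[cflogin.name].pwhash, Hash(cflogin.password, "SHA-256")) EQ 0>
        <!--- Identify the user and attach the roles that later checks consult --->
        <cfloginuser name="#cflogin.name#" password="#cflogin.password#"
                     roles="#users[cflogin.name].roles#">
    <cfelse>
        <!--- cflogin reads j_username and j_password from the posted form --->
        <cfoutput>
        <form method="post" action="#CGI.SCRIPT_NAME#">
            User <input type="text" name="j_username">
            Password <input type="password" name="j_password">
            <input type="submit" value="Log in">
        </form>
        </cfoutput>
        <cfabort>
    </cfif>
</cflogin>

<!--- Restricted functionality: refuse callers who lack the admin role --->
<cffunction name="purgeAuditLog" returntype="string" output="false">
    <cfif NOT IsUserInRole("admin")>
        <cfthrow type="Security" message="Role admin is required to purge the audit log.">
    </cfif>
    <cfreturn "Audit log purged by #GetAuthUser()#.">
</cffunction>

<cfoutput>
    <p>Logged in as #GetAuthUser()#.</p>
    <cfif IsUserInRole("admin")>
        <p>#purgeAuditLog()#</p>
    <cfelse>
        <p>Editor view: no administrative functions are offered.</p>
    </cfif>
</cfoutput>
```

The role check inside purgeAuditLog is the part that matters: the menu branch only hides the link, while the function refuses the call regardless of how it was reached.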
The Security area in the Administrator lets you do the following tasks:
• Configure password protection for the ColdFusion Administrator. For more information, see “ColdFusion
Administrator password protection” on page 75.
• Configure password protection for RDS access. For more information, see “RDS password protection” on page 76.
• Enable, disable, and customize ColdFusion security, on the Security > Sandbox Security page (called Resource
Security page in the Standard edition). For more information, see “Using sandbox security” on page 77.
Using password protection
Password protection restricts access to the ColdFusion Administrator and to a ColdFusion server when you attempt
access through RDS security.
ColdFusion Administrator password protection
Secure access to the ColdFusion Administrator is enabled by default. The password that you enter during installation
is saved as the default. You are prompted to enter this password whenever you open the Administrator.
Password protection for accessing the Administrator helps guard against unauthorized modifications of ColdFusion,
and Adobe recommends using passwords. You can disable or change the Administrator password on the Security >
CF Admin Password page.