System information

CONFIGURING AND ADMINISTERING COLDFUSION 9
Administering Security
Last updated 2/21/2012
Configurable seed for password encryption
In ColdFusion 9 Update 1, the Administrator has an option to specify a new seed value for encrypting data source passwords.
Previously, ColdFusion assigned a default seed value to encrypt data source passwords, and modifying it was not
allowed.
To modify the default seed value assigned by ColdFusion or to change the value you specified:
1 In the ColdFusion Administrator, go to Security > Administrator and then, in the Password Seed section, specify
a new seed value that is 8-500 characters long.
2 Click Submit Changes.
Note: When you modify the seed value, all data source connections are reset. Therefore, Adobe recommends that you
perform this task when the server is idle or at the initial phase (after installation).
RDS password protection
If you configured password protection for RDS access when you installed ColdFusion, you are prompted for the
password when you attempt to access ColdFusion from Dreamweaver MX 2004, HomeSite+, or the ColdFusion
Report Builder.
You can disable RDS or change the RDS password on the Security > RDS Password page.
Note: Disabling RDS also disables the applet that the ColdFusion Administrator uses in file-related dialog boxes.
If you use RDS security, you rely on web server and operating system security settings to set permissions for
ColdFusion application and document directories.
Exposing services to users
ColdFusion exposes many existing enterprise services as web services. You can access these services using SOAP and
AMF/Flash remoting.
The following are the exposed services:
cfpdf
cfImage
cfdocument
cfmail
cfpop
cfchart
upload service
You can secure the exposed services to prevent access by unknown applications or users. This can be done by
configuring the client IP address range to which services are accessible. Also, you can set up user access control for the
services.
On the Security > User Manager page, you can select the services available to a user from the Exposed Services section.
By default, all the services are listed in the Prohibited Services drop-down list. Hold down CTRL, select the services that
you want to make available to the user, and click the << button.
Then click Edit User to apply the changes to the user settings.