User Guide
Chapter 9: Configuring Basic Security 285
example, you have several geographically dispersed participants in a development
project. In addition, a group of widely dispersed developers may require different
levels of access to files and data sources.
Securing data sources
In addition to your application pages, you also need to consider data source security.
Using basic security measures, you can take several steps to ensure that your data
sources remain secure even when your application page directories are partially
accessible:
1. If you don’t need to insert, update, or delete data in the data source, configure it as
read-only. You can do this in the ColdFusion Administrator ODBC Data Source
Advanced page.
2. Use a database system that supports security and create a user account that has
access to only selected tables and operations (such as SELECT and INSERT). You can
then configure ColdFusion to use that account when interacting with the data
source.
3. Using the ColdFusion ODBC or Native Drivers page, configure ColdFusion settings
to allow only certain SQL operations (such as SELECT and INSERT) in interactions
with the data source.
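Step 2 written out as database grants, as an added example that is not part of the guide. It assumes a PostgreSQL back end; the role name cf_app, the password placeholder and the three constructed tables are hypothetical.

```sql
-- Added example (not from the guide). Assumes PostgreSQL; run as the database owner.
-- Constructed sample tables so the script is self-contained.
CREATE TABLE products  (id integer PRIMARY KEY, name text NOT NULL);
CREATE TABLE orders    (id integer PRIMARY KEY,
                        product_id integer REFERENCES products(id));
CREATE TABLE customers (id integer PRIMARY KEY, email text NOT NULL);

-- 1. A dedicated login used only by the ColdFusion data source.
--    Replace the placeholder before running.
CREATE ROLE cf_app LOGIN PASSWORD 'REPLACE_WITH_STRONG_PASSWORD';

-- 2. Start from nothing: drop any table rights granted directly to the role.
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM cf_app;

-- 3. Grant only the operations the application pages perform.
GRANT USAGE ON SCHEMA public TO cf_app;
GRANT SELECT         ON products TO cf_app;  -- catalogue is read-only
GRANT SELECT, INSERT ON orders   TO cf_app;  -- rows may be added, never changed
-- customers: no grant at all, so the account cannot read it.

-- 4. Verify the effective rights for every table/operation pair.
--    has_table_privilege also counts rights inherited through PUBLIC or
--    other roles, so a TRUE outside the two grants above means some other
--    grant is leaking access and should be revoked.
SELECT t.tbl,
       p.priv,
       has_table_privilege('cf_app', t.tbl, p.priv) AS allowed
FROM (VALUES ('products'), ('orders'), ('customers')) AS t(tbl)
CROSS JOIN (VALUES ('SELECT'), ('INSERT'), ('UPDATE'), ('DELETE')) AS p(priv)
ORDER BY t.tbl, p.priv;
```

Only products/SELECT, orders/SELECT and orders/INSERT should report allowed as true; the data source is then configured to log in as this account.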
ColdFusion Remote Development Services (RDS)
ColdFusion RDS is a component of ColdFusion Server used by the ColdFusion
Administrator and ColdFusion Studio to provide remote HTTP-based access to files
and databases. You can use RDS to manage ColdFusion Studio access to files and
databases on a server hosting ColdFusion.
RDS provides both Basic and Advanced security services for ColdFusion, allowing you
to configure the level of security you need for your situation. For more information, see
Chapter 10, “Configuring Advanced Security,” on page 289.
Basic security options managed by RDS can be found in the Administrator Server,
Basic Security page, where you’ll find options for defining passwords and securing a
subset of ColdFusion tags.
Basic Security Limitations
ColdFusion Basic security hinges on the protection of a single password per server. So
long as the password is kept secret, unauthorized access to the files and databases on
the server is impossible. It’s important to understand that this security model has two
liabilities: