User Guide
286 Administering ColdFusion Server
1. Password vulnerability. The password can be lost, stolen, or hacked.
2. Access control is generalized, that is, remote developers have access either to all
files and data sources, or none. With Basic security, you can’t protect individual
directories and or databases.
Securing ColdFusion file resources
The following table shows how ColdFusion Basic security compares with native OS
options available to you in securing files for remote development.
Securing ColdFusion data sources
The following table shows how ColdFusion Basic security can be configured to secure
ColdFusion data sources.
Securing Files from ColdFusion Studio
Method Description Security Model
LAN-based Uses the native file system to
provide access to local and
network drives.
Access is determined by the
network permissions of user
logged into workstation where
Studio is being run.
FTP-based Connects to an FTP server
running on same machine as the
target web server.
Permissions defined using the
native security of the FTP server
software.
RDS-based Interacts with the remote file
system using RDS on the target
ColdFusion Server.
Files on the target server can be
secured with the ColdFusion
Studio password.
Securing Data Sources from ColdFusion Studio
Method Description Security Model
Basic security is
enabled on the
local
workstation.
Data sources are accessed
through RDS on the local
ColdFusion Server.
Data sources that are accessible
to the user locally are accessible
through ColdFusion Studio.
Basic security is
enabled on the
remote server.
Data sources are accessed
through RDS on the remote
ColdFusion Server.
Data sources that are accessible
to ColdFusion Server are
accessible remotely via
ColdFusion Studio.