User Guide

CHAPTER 5
Administering Security
You can secure a number of ColdFusion MX resources with password access and configure
sandbox security. This chapter describes configuration options for ColdFusion security.
Contents
About ColdFusion MX security
Using sandbox security
About ColdFusion MX security
Security is especially important in web-based applications, such as those you develop in
ColdFusion MX. ColdFusion developers and administrators must fully understand the security
risks that could affect their development and runtime environments so they can enable and
restrict access appropriately.
You implement development security by requiring a password to use the ColdFusion MX
Administrator and a password for Remote Development Services (RDS), which allows developers
to develop CFML pages remotely. You implement runtime security in your CFML pages and in
the ColdFusion MX Administrator. ColdFusion MX has the following runtime security
categories:
User security: Programmatically determine the logged-in user and allow or disallow
restricted functionality based on the roles assigned to that user. For more information about
user security, see Developing ColdFusion MX Applications.
Sandbox security: Using the Administrator, define the actions and resources that the
ColdFusion pages in and below a specified directory can use.
The Security area in the Administrator lets you do the following tasks:
Configure password protection for the Administrator.
Configure password protection for RDS access.
Enable, disable, and customize ColdFusion security on the Security > Sandbox Security page
(called the Resource Security page in the Standard edition).