User Guide
Table Of Contents
- Contents
- Introduction
- Administering ColdFusion MX 7
- Administering ColdFusion MX
- Using the ColdFusion MX Administrator
- Contents
- Initial administration tasks
- Accessing user assistance
- Server Settings section
- Data & Services section
- Debugging & Logging section
- Extensions section
- Event Gateways section
- Security section
- Packaging and Deployment section
- Enterprise Manager section
- Custom Extensions section
- Administrator API
- Data Source Management
- Contents
- About JDBC
- Adding data sources
- Connecting to DB2 Universal Database
- Connecting to Informix
- Connecting to Microsoft Access
- Connecting to Microsoft Access with Unicode
- Connecting to Microsoft SQL Server
- Connecting to MySQL
- Connecting to ODBC Socket
- Connecting to Oracle
- Connecting to other data sources
- Connecting to Sybase
- Connecting to JNDI data sources
- Web Server Management
- Deploying ColdFusion Applications
- Administering Security
- Using Multiple Server Instances
- Administering Verity
- Introducing Verity and Verity Tools
- Indexing Collections with Verity Spider
- Using Verity Utilities
- Contents
- Overview of Verity utilities
- Using the mkvdk utility
- Using the rck2 utility
- Using the rcvdk utility
- Using the didump utility
- Using the browse utility
- Using the merge utility
- Index
85
CHAPTER 6
Administering Security
This chapter describes configuration options for Macromedia ColdFusion MX security. You can
secure a number of Macromedia ColdFusion MX 7 resources with password access and you can
configure sandbox security.
Contents
About ColdFusion MX security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Using password protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Using sandbox security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
About ColdFusion MX security
Security is especially important in web-based applications, such as those you develop in
ColdFusion MX. ColdFusion developers and administrators must fully understand the security
risks that could affect their development and runtime environments so they can enable and
restrict access appropriately.
You implement development security by requiring a password to use the ColdFusion MX
Administrator and a password for Remote Development Services (RDS), which allows developers
to develop CFML pages remotely. You implement runtime security in your CFML pages and in
the ColdFusion MX Administrator. ColdFusion MX has the following runtime security
categories:
User security Programmatically determine the logged-in user and allow or disallow restricted
functionality based on the roles assigned to that user. For more information about user security,
see “ColdFusion security features” in Chapter 16, “Securing Applications,” in ColdFusion MX
Developer’s Guide.
Sandbox security Using the ColdFusion MX Administrator, define the actions and resources
that the ColdFusion pages in and below a specified directory can use.
Note: If you have the Enterprise Edition of ColdFusion MX, you can configure multiple security
sandboxes. If you have the Standard Edition of ColdFusion MX, you can only configure a single
security sandbox.