This chapter is from the book

Security

ColdFusion provides a number of security-related features. Some of these features let you add login and role-based security mechanisms to your own applications. The options in the Security portion of the ColdFusion Administrator, in contrast, are about securing the server itself so that only the proper people have the ability to administer ColdFusion. You can also lock down various parts of the server (tags, files, data sources, and so on) so that each application only has the right to use its own files and data.

The Administrator Page

The ColdFusion Administrator enables the configuration and management of the ColdFusion server. Therefore, the ColdFusion Administrator should generally be password protected to prevent unauthorized access.

ColdFusion Administrator Authentication

To support a single administration login and password, select the first option. To support multiple administrators, each possibly with a different level of access, select the second option. To allow access without a password, select the third option.

Root Administrator Password

Use this option to change the primary ColdFusion Administrator password.

The RDS Password Page

RDS is used to provide development-time access to ColdFusion data sources, files, report building, and more. Because RDS can expose sensitive files and data, it should always be secured.

RDS Authentication

To support a single RDS login and password, select the first option. To support multiple RDS logins, each possibly tied to a different sandbox, select the second option. To allow access without a password, select the third option.

RDS Single Password

Use this option to change the primary RDS password.

The Sandbox Security Page

ColdFusion includes a feature called sandbox security. This feature is mostly aimed at Internet service providers or people running large enterprise-wide servers, where a server may have many different ColdFusion applications written by many different developers. In such a situation, there needs to be some way to keep one set of developers from accessing the data sources that are being used by another set of developers. Similarly, there needs to be some way to keep one application from being able to use <cffile> or <cfdirectory> to read or destroy files that are important to another application.

The User Manager Page

As seen previously, both the ColdFusion Administrator and RDS support single-password logins and multiple logins. To use the latter, you define users using this page.

Click the Add User button to add a user and then define the username, password, and permissions for this user.

→ For more information, see Chapter 53, "Securing the ColdFusion Administrator," in Volume 3.
