About ColdFusion security

Security is especially important in web-based applications, such as those you develop in ColdFusion. You implement security throughout your ColdFusion environment, in ColdFusion Markup Language (CFML) and in the ColdFusion Administrator. ColdFusion has two main security categories: user (or programmatic) and sandbox (file and directory-based). For more information about user security, see Developing ColdFusion MX Applications with CFML.

The Security area in the ColdFusion Administrator lets you do the following tasks:

Security and ColdFusion edition differences

If you have the Enterprise Edition of ColdFusion MX, you can configure several security sandboxes. If you have the Standard Edition of ColdFusion MX, you can configure the root security sandbox.

In the Enterprise Edition of ColdFusion MX, when you click the Security > Sandbox Security page link, it opens the following page:

The figure shows the Sandbox Security page of the Administrator.

Default security behavior

The ColdFusion Administrator installs with secure access enabled. The password that you enter during installation is saved as the default. When you open the Administrator for the first time, you are prompted to enter the password.

If you configured password protection for RDS access when you installed ColdFusion, you are prompted for the password when you attempt to access ColdFusion MX from Dreamweaver MX, HomeSite+, or ColdFusion Studio.

Sandbox security is not enabled by default. You must enable it on the Security > Sandbox Security page before you can configure it.

ColdFusion Administrator password protection

Password protection for accessing the ColdFusion Administrator helps guard against unauthorized modifications of ColdFusion MX, and Macromedia highly recommends using passwords. You can disable password protection by clearing the check box on the Security > CF Admin Password page. You can also change the password on that page by entering a new password twice.

RDS password protection

You can enable file and data source security for RDS access from the Security > RDS Password page. You can also change the password on that page by entering a new password twice.

If you enable this security, you rely on web server security settings to set permissions to ColdFusion application and document directories. In addition, you rely on your database settings to control access to data sources.
