ColdFusion security

Security is especially important in web-based applications, such as those you develop in ColdFusion. ColdFusion developers and administrators must fully understand the security risks that could affect their development and runtime environments so they can enable and restrict access appropriately.

You can implement development security by requiring a password to use the ColdFusion Administrator and a password for Remote Development Services (RDS), which allows developers to develop CFML pages remotely. You implement runtime security in your CFML pages and in the ColdFusion Administrator. ColdFusion has the following runtime security categories:

User security

Programmatically determine the logged-in user and allow or disallow restricted functionality based on the roles assigned to that user. For more information about user security, see ColdFusion security features in Securing Applications in the Developing ColdFusion Applications.

Sandbox security

Using the ColdFusion Administrator, define the actions and resources that the ColdFusion pages in and below a specified directory can use.

Note: If you have the Enterprise Edition of ColdFusion, you can configure multiple security sandboxes. If you have the Standard Edition of ColdFusion, you can only configure a single security sandbox.

Advertisements

, , , , , , , , ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: