Table of Contents
Advertisement
ColdFusion security features
ColdFusion provides scalable, granular security for building and deploying your ColdFusion
applications. ColdFusion provides the following types of security resources:
•
Development
can specify a password for access to data sources from Macromedia Dreamweaver MX. For
more information on configuring Administrator security passwords, see the ColdFusion MX
Administrator online Help.
•
Resource/Sandbox
resources, including selected tags and functions, data sources, files, and host addresses. In
Standard edition, you configure a single set of resource limitations that apply to all your
ColdFusion applications.
In Enterprise edition, you can have multiple sandboxes, based on the location of your
ColdFusion pages, each with its own set of resource limitations. You can confine applications
to secure areas, thereby flexibly restricting the access that the application has to resources.
•
User
ColdFusion applications can require users to log in to use application pages. You can
assign users to roles (sometimes called groups); ColdFusion pages can determine the logged-in
user's roles or ID and selectively determine what to do based on this information.
Note: You can also use the
ColdFusion pages that you distribute. Although this technique cannot prevent determined hackers
from determining the contents of your pages, it does prevent inspection of the pages.
About resource and sandbox security
ColdFusion provides two levels of resource-based security:
•
ColdFusion MX Standard refers to its resource-based security as resource security. It lets you
specify a single set of limitations on access to ColdFusion resources that apply to all
ColdFusion applications.
•
ColdFusion MX Enterprise refers to its resource-based security as sandbox security. Sandbox
security is a superset of resource security. Sandbox security lets you create multiple sandboxes,
each corresponding to a different directory. For each sandbox, you specify a set of resource
limitations that apply to all ColdFusion pages in the sandbox directory and its subdirectories.
If you create a sandbox that is a subdirectory of a sandbox, the subdirectory's rules override the
parent directory's rules.
The ColdFusion MX Administrator Resource Security page (in Standard) and Sandbox Security
page (in Enterprise) let you enable resource-based security. In ColdFusion Standard, the page lets
you configure the resource settings that apply to all your ColdFusion applications. In ColdFusion
Enterprise, the page lets you create sandboxes and configure the resource limitations for each
sandbox individually.
346
Chapter 16: Securing Applications
ColdFusion MX Administrator is protected by a password. Additionally, you
The ColdFusion MX Administrator can limit access to ColdFusion
utility, located in the cf_root/bin directory, to obscure
cfencode
Advertisement
Table of Contents
Troubleshooting
