Adobe ColdFusion 8

Security section

The Security section of the Administrator lets you configure the security frameworks of ColdFusion.

For more information on security, see Administering Security.

The Security section contains the following pages:

Administrator page

Use the Administrator page to enable and disable password-restricted access to the ColdFusion Administrator, and to change the Administrator password. Restrict ColdFusion Administrator access to trusted users. You can also specify whether all users share a single ColdFusion Administrator password, or whether only users defined in the User Manager and the root administrative user have access to the ColdFusion Administrator.

RDS page

Use the RDS page to enable and disable password-restricted RDS access to server resources from Macromedia Dreamweaver MX from Adobe, Macromedia HomeSite+ from Adobe Systems Incorporated, ColdFusion Extensions for Eclipse, or the ColdFusion Report Builder, and to change the RDS password. You can also specify whether to have all users use a single RDS password, or to allow only users defined in the User Manager to have access through RDS.

Sandbox Security page

Use the Sandbox Security page (called Resource Security in the Standard Edition) to specify security permissions for data sources, tags, functions, files, and directories.

Sandbox security uses the location of your ColdFusion pages to determine functionality. A sandbox is a designated area (CFM files or directories that contain CFM files) of your site to which you apply security restrictions. By default, a subdirectory (or child directory) inherits the sandbox settings of the directory one level above it (the parent directory). If you define sandbox settings for a subdirectory, you override the sandbox settings inherited from the parent directory.

Use sandbox security to control access to the following:

  • Data sources
  • Tags
  • Functions
  • Files and directories
  • IP addresses and ports

Note: If you have enabled sandbox security and want to use the Administrator API, you must enable access to the CFIDE/adminapi directory.
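The inheritance rule described above can be checked offline before sandboxes are deployed. The following is an added example, not Adobe code: a simplified model in which the nearest defined sandbox (the file itself, then each parent directory) applies in place of any sandbox above it. The directory paths, data source names, and the `SANDBOXES` structure are constructed for illustration.

```python
import posixpath
from pathlib import PurePosixPath

# Constructed sandbox definitions: directory (or CFM file) -> restrictions.
SANDBOXES = {
    "/wwwroot": {
        "datasources": {"main_dsn"},
        "disabled_tags": {"cfexecute", "cfregistry"},
    },
    "/wwwroot/clients/acme": {
        "datasources": {"acme_dsn"},
        "disabled_tags": {"cfexecute", "cfregistry", "cffile"},
    },
}


def effective_sandbox(template, sandboxes=SANDBOXES):
    """Return (sandbox_path, settings) governing a template, or (None, None).

    Assumed model: the most specific sandbox wins outright; a sandbox
    defined on a subdirectory overrides the one inherited from its parent.
    """
    # Collapse "." and ".." first so a path such as acme/../other is
    # matched against the directory it really resolves to.
    path = PurePosixPath(posixpath.normpath(template))
    # Compare whole path components, never raw string prefixes:
    # "/wwwroot/clients/acme2" must not match "/wwwroot/clients/acme".
    for candidate in (path, *path.parents):
        key = str(candidate)
        if key in sandboxes:
            return key, sandboxes[key]
    return None, None


def unsandboxed(templates, sandboxes=SANDBOXES):
    """List templates that no sandbox covers, for review."""
    return [t for t in templates if effective_sandbox(t, sandboxes)[0] is None]


if __name__ == "__main__":
    for t in ("/wwwroot/index.cfm",
              "/wwwroot/clients/acme/reports/q1.cfm",
              "/wwwroot/clients/acme2/index.cfm",
              "/opt/other/x.cfm"):
        print(t, "->", effective_sandbox(t)[0])
```

Running the resolver over a listing of CFM files shows which sandbox each one actually falls under and which files fall under none.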

User Manager page

Use the User Manager page to specify the username, password, description, access rights, sandboxes, and allowed roles for individual users. This page is especially useful for web hosting when multiple ColdFusion applications are on one server, each maintained by a different user or organization.

You can grant access to the ColdFusion Administrator, which also grants access to the Administrator API.

If the administrator revokes a user's role while the user is logged in, the current session is not affected; the revocation takes effect when the user logs in again.

The default administrator user ID is admin. To change the administrator user ID, add the following in the neo-security.xml file, replacing admin with the user ID to use:

<var name='admin.userid.root'>
    <string>admin</string>
</var>