Macromedia colfusion mx 7 Manual

85

Administering Security

This chapter describes configuration options for Macromedia ColdFusion MX security. You can 
secure a number of Macromedia ColdFusion MX 7 resources with password access and you can 
configure sandbox security. 

Contents

About ColdFusion MX security 

Security is especially important in web-based applications, such as those you develop in 
ColdFusion MX. ColdFusion developers and administrators must fully understand the security 
risks that could affect their development and runtime environments so they can enable and 
restrict access appropriately.

You implement development security by requiring a password to use the ColdFusion MX 
Administrator and a password for Remote Development Services (RDS), which allows developers 
to develop CFML pages remotely. You implement runtime security in your CFML pages and in 
the ColdFusion MX Administrator. ColdFusion MX has the following runtime security 
categories:

User security

  Programmatically determine the logged-in user and allow or disallow restricted 

functionality based on the roles assigned to that user. For more information about user security, 
see “ColdFusion security features” in Chapter 16, “Securing Applications,” in ColdFusion MX 
Developer’s Guide.

Sandbox security

  Using the ColdFusion MX Administrator, define the actions and resources 

that the ColdFusion pages in and below a specified directory can use.

Note: If you have the Enterprise Edition of ColdFusion MX, you can configure multiple security 
sandboxes. If you have the Standard Edition of ColdFusion MX, you can only configure a single 
security sandbox.