Securing RDS


As mentioned, RDS offers great benefits to developers; however, these services also introduce new security risks. To deal with this, ColdFusion offers a development security model, discussed in Chapter 8, "ColdFusion Security Options." It is always recommended to disable RDS access on production servers.

Enabling RDS Password Security

ColdFusion restricts RDS access via Dreamweaver, HomeSite+, the ColdFusion ReportBuilder, and ColdFusion Studio with password security. This combined protection is enabled by default and secured using the password entered during installation.

Use the following steps to enable password protection, as shown in Figure 10.1:

1. In the RDS Password page, enable Use an RDS Password for Dreamweaver, HomeSite+, or the ColdFusion ReportBuilder.

2. In the New Password text box, enter a password (up to 50 characters).

3. Confirm your new password in the Confirm Password text box.

4. Click Submit Changes to save the password. If you make a mistake and enter passwords that do not match, you'll see an error message.

Figure 10.1. Enable the RDS Password in the ColdFusion Administrator's RDS Password screen.


NOTE

You must stop and restart the ColdFusion Server whenever you change the password.


Disabling RDS on Production Servers

ColdFusion implements RDS as a servlet mapped in the web.xml file. It is strongly recommended that server administrators disable the RDS services on servers that are not being explicitly used for development, and on servers that do not require remote access to files and databases.

CAUTION

Administrators should be aware that disabling the RDS services will also disable several Java applets in the ColdFusion Administrator, including the applet used to configure a file-based data source. If this functionality is required, you'll have to temporarily enable RDS, modify the server configuration, and disable RDS again.


To disable RDS in ColdFusion, do the following:

1. Stop ColdFusion.

2. Back up the web.xml file.

   On Windows, the path is cf_root\wwwroot\WEB-INF\web.xml.

   On Unix systems, the path is cf_root/wwwroot/WEB-INF/web.xml.

   For the multiserver and J2EE configurations, the path is cf_root/WEB-INF/web.xml.

3. Open the original file in an editor, and comment out the RDSServlet mapping as shown in Figure 10.2:

   <!--
     <servlet-mapping>
       <servlet-name>RDSServlet</servlet-name>
       <url-pattern>/CFIDE/main/ide.cfm</url-pattern>
     </servlet-mapping>
   -->

   Figure 10.2. Use a text editor to comment out the RDSServlet servlet mapping in the web.xml file.

4. Restart ColdFusion.

NOTE

For more information on enabling and disabling the RDSServlet, see Macromedia TechNote 17276, "Disabling/enabling ColdFusion RDS on production servers" at http://www.macromedia.com/go/tn_17276.
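The check and the edit from the procedure above can be scripted. The following is an added example, not code from the book or from Macromedia: it reports whether web.xml text still carries a live RDSServlet mapping and comments the mapping out if so. The function names, the ExampleServlet entry, and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a minimal web.xml with one unrelated mapping and the RDS mapping.
ENABLED = """<web-app>
  <servlet-mapping>
    <servlet-name>ExampleServlet</servlet-name>
    <url-pattern>/example/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>RDSServlet</servlet-name>
    <url-pattern>/CFIDE/main/ide.cfm</url-pattern>
  </servlet-mapping>
</web-app>"""

BLOCK = re.compile(r"<servlet-mapping\b[^>]*>.*?</servlet-mapping>", re.S)

def _local(tag):
    """Drop a namespace prefix such as {http://...}servlet-mapping."""
    return tag.rsplit("}", 1)[-1]

def active_rds_mappings(xml_text, servlet="RDSServlet"):
    """Return the url-patterns still mapped to the servlet.
    The XML parser discards comments, so a commented-out mapping is not reported."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "servlet-mapping":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in el}
        if fields.get("servlet-name") == servlet:
            found.append(fields.get("url-pattern", ""))
    return found

def comment_out_rds(xml_text, servlet="RDSServlet"):
    """Wrap each live <servlet-mapping> for the servlet in an XML comment."""
    name = re.compile(r"<servlet-name>\s*%s\s*</servlet-name>" % re.escape(servlet))
    def wrap(m):
        return "<!-- " + m.group(0) + " -->" if name.search(m.group(0)) else m.group(0)
    parts = re.split(r"(<!--.*?-->)", xml_text, flags=re.S)
    # Even indexes are live markup; odd indexes are existing comments, left untouched.
    return "".join(p if i % 2 else BLOCK.sub(wrap, p) for i, p in enumerate(parts))

if __name__ == "__main__":
    print("before:", active_rds_mappings(ENABLED))
    print("after: ", active_rds_mappings(comment_out_rds(ENABLED)))
```

Run it against a backup copy of web.xml while ColdFusion is stopped, and confirm the reported list is empty before restarting. The same check works as a recurring audit on production servers, where a non-empty result means RDS has been re-enabled.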




Advanced Macromedia ColdFusion MX 7 Application Development
ISBN: 0321292693
EAN: 2147483647
Year: 2006
Pages: 240
Authors: Ben Forta, et al
