Securing RDS

Previous page
Table of content
Next page

As mentioned, RDS offers great benefits to developers; however, these services also introduce new security risks. To deal with this, ColdFusion offers a development security model, discussed in Chapter 8, "ColdFusion Security Options." It is always recommended to disable RDS access on production servers.

Enabling RDS Password Security

ColdFusion restricts RDS access via Dreamweaver, HomeSite+, the ColdFusion ReportBuilder, and ColdFusion Studio with password security. This combined protection is enabled by default and secured using the password entered during installation.

Use the following steps to enable password protection, as shown in Figure 10.1:

1.

In the RDS Password page, enable Use an RDS Password for Dreamweaver, HomeSite+, or the ColdFusion ReportBuilder.

2.

In the New Password text box, enter a password (up to 50 characters).

3.

Confirm your new password in the Confirm Password text box.

4.

Click Submit Changes to save the password. If you make a mistake and enter passwords that do not match, you'll see an error message.

Figure 10.1. Enable the RDS Password in the ColdFusion Administrator's RDS Password screen.


NOTE

You must stop and restart the ColdFusion Server whenever you change the password.


Disabling RDS on Production Servers

ColdFusion implements RDS as a servlet mapped in the web.xml file. It is strongly recommended that server administrators disable the RDS services on servers that are not being explicitly used for development, and on servers that do not require remote access to files and databases.

CAUTION

Administrators should be aware that disabling the RDS services will also disable several Java applets in the ColdFusion Administrator, including the applet used to configure a file-based data source. If this functionality is required, you'll have to temporarily enable RDS, modify the server configuration, and disable RDS again.


To disable RDS in ColdFusion, do the following:

1.

Stop ColdFusion.

2.

Back up the web.xml file.

On Windows, the path is cf_root\wwwroot\WEB-INF\web.xml.

On Unix systems, the path is cf_root/wwwroot/WEB-INF/web.xml.

For the multiserver and J2EE configurations, the path is cf_root/WEB-INF/web.xml.

3.

Open the original file in an editor, and comment out the RDSServlet mapping as shown in Figure 10.2:

 <!--   <servlet-mapping >     <servlet-name>RDSServlet</servlet-name>     <url-pattern>/CFIDE/main/ide.cfm</url-pattern>   </servlet-mapping> -->

Figure 10.2. Use a text editor to comment out the RDSServlet servlet mapping in the web.xml file.


3.

Restart ColdFusion.

NOTE

For more information on enabling and disabling the RDSServlet, see Macromedia TechNote 17276, "Disabling/enabling ColdFusion RDS on production servers" at http://www.macromedia.com/go/tn_17276.



Previous page
Table of content
Next page
Advanced Macromedia ColdFusion MX 7 Application Development
Advanced Macromedia ColdFusion MX 7 Application Development
ISBN: 0321292693
EAN: 2147483647
Year: 2006
Pages: 240
Authors: Ben Forta, et al
BUY ON AMAZON
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
101 Microsoft Visual Basic .NET Applications
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Mapping Hacks: Tips & Tools for Electronic Cartography
An Introduction to Design Patterns in C++ with Qt 4
FileMaker 8 Functions and Scripts Desk Reference
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy