Advanced Macromedia ColdFusion MX 7 Application Development
As mentioned, RDS offers great benefits to developers; however, these services also introduce new security risks. To deal with this, ColdFusion offers a development security model, discussed in Chapter 8, "ColdFusion Security Options." It is always recommended to disable RDS access on production servers. Enabling RDS Password Security
ColdFusion restricts RDS access via Dreamweaver, HomeSite+, the ColdFusion ReportBuilder, and ColdFusion Studio with password security. This combined protection is enabled by default and secured using the password entered during installation. Use the following steps to enable password protection, as shown in Figure 10.1:
Figure 10.1. Enable the RDS Password in the ColdFusion Administrator's RDS Password screen.
NOTE You must stop and restart the ColdFusion Server whenever you change the password. Disabling RDS on Production Servers
ColdFusion implements RDS as a servlet mapped in the web.xml file. It is strongly recommended that server administrators disable the RDS services on servers that are not being explicitly used for development, and on servers that do not require remote access to files and databases. CAUTION Administrators should be aware that disabling the RDS services will also disable several Java applets in the ColdFusion Administrator, including the applet used to configure a file-based data source. If this functionality is required, you'll have to temporarily enable RDS, modify the server configuration, and disable RDS again. To disable RDS in ColdFusion, do the following:
NOTE For more information on enabling and disabling the RDSServlet, see Macromedia TechNote 17276, "Disabling/enabling ColdFusion RDS on production servers" at http://www.macromedia.com/go/tn_17276.
|