<?xml version="1.0" encoding="UTF-8"?>
|
<!DOCTYPE html
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
<!--#config errmsg="" --><!-- saved from url=(0022)http://help.adobe.com/ -->
|
<html lang="en-us">
|
<head>
|
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
<meta name="lang" content="en-us" />
|
<meta name="area" content="livedocs" />
|
<title>Adobe ColdFusion 10 * About ColdFusion security</title>
|
<link rel="shortcut icon" href="images/ColdFusionLinkIndicator.png" />
|
<meta name="book" content="Configuring and Administering ColdFusion 10" />
|
<meta name="product" content="ColdFusion" />
|
<meta name="keywords" content="" /><!--<PageMap><DataObject type="document"><Attribute name="product" value="ColdFusion"></Attribute><Attribute name="book" value="Configuring and Administering ColdFusion 10"></Attribute><Attribute name="keywords" value=""></Attribute></DataObject></PageMap>-->
|
|
<script type="text/javascript" language="Javascript" charset="UTF-8"><!--[CDATA[
|
var currentTreeNode = "WSc3ff6d0ea77859461172e0811cbf363b95-7ff6.html";
|
document.cookie = "topicId=" + "WSc3ff6d0ea77859461172e0811cbf363b95-7ff6.html";
|
// ]]--></script>
|
<script src="terms.js" type="text/javascript" language="Javascript" charset="UTF-8">...</script> <script src="help.js" type="text/javascript" language="Javascript" charset="UTF-8">...</script> <script src="utilities.js" type="text/javascript" language="Javascript" charset="UTF-8">...</script> <script src="event.js" type="text/javascript" language="Javascript" charset="UTF-8">...</script> <script src="treeview.js" type="text/javascript" language="Javascript" charset="UTF-8">...</script> <script src="toc.js" language="Javascript" type="text/javascript" charset="UTF-8">..</script> <script src="swfobject.js" language="Javascript" type="text/javascript" charset="UTF-8">..</script> <script src="booklist.js" language="Javascript" type="text/javascript" charset="UTF-8">..</script>
|
<script type="text/javascript">
|
<!--[CDATA[
|
var topictype = "topic";
|
var headId = document.getElementsByTagName("head")[0];
|
if (use_ie_6_behavior) {
|
var linkId = document.createElement("link");
|
linkId.href = "content-ie6.css";
|
linkId.rel = "stylesheet";
|
linkId.type = "text/css";
|
headId.appendChild(linkId);
|
}
|
function initRoboHelpDOM() {
|
if (use_chm_behavior) {
|
hideElement("search");
|
}
|
if (use_robohelp_behavior) {
|
hideElement("search");
|
hideElement("productmenu");
|
//hideElement("notyourversion");
|
}
|
if(!use_chc_behavior) {
|
//document.getElementById("notyourversion").style.display = "inline";;
|
}
|
}
|
var dirname = location.pathname.match( /.*\// );
|
function setSearchUserPref(){
|
if ( document.cookie.indexOf( "ah_searchpref" ) > -1 ) {
|
if ( document.cookie.indexOf( dirname ) > 0 ) {
|
document.search.gsa.checked = true ;
|
}else{
|
document.search.gsa.checked = false ;
|
}
|
}
|
}
|
YAHOO.util.Event.onDOMReady(initRoboHelpDOM);
|
YAHOO.util.Event.onDOMReady(setSearchUserPref);
|
// ]]-->
|
</script>
|
<!--#include virtual="/ssi/globalheader.ssi" -->
|
<!--#include virtual="/en_US/ssi/localheader.ssi" -->
|
<!--#include virtual="header.ssi" -->
|
<link rel="stylesheet" type="text/css" href="tree.css" />
|
<link rel="stylesheet" type="text/css" href="content.css" />
|
<link rel="stylesheet" type="text/css" href="localeSpecific.css" />
|
</head>
|
<body id="content_body" onload="window.focus();">
|
<a name="top" shape="rect"><!--LeaveCommentHere--></a>
|
|
<div id="mnemonic">
|
<div class="ColdFusion"><div class="banner"><a href="WSf01dbd23413dda0e51f089d212047ee7a02-8000.html">Adobe ColdFusion 10</a></div></div>
|
</div>
|
|
<div id="searchbar">
|
<table id="searchbartable">
|
<tr>
|
<td colspan="2">
|
<div id="pdf"><img src="images/PDF.gif" width="16" height="16" hspace="10" /> 
|
<a title="View Help PDF" href="http://help.adobe.com/en_US/ColdFusion/10.0/Admin/coldfusion_10_admin.pdf">View Help PDF (adobe.com)</a></div>
|
</td>
|
</tr>
|
</table>
|
</div>
|
|
<!-- BEGIN SEARCH CONTENT -->
|
<form id="search" name="search" action="search.html" target="_self">
|
<script type="text/javascript">
|
<!--[CDATA[
|
if ( !use_chc_behavior ){
|
if (typeof(terms_AHV_SEARCH_CONSTRAINT) != "undefined" &&
|
terms_AHV_SEARCH_CONSTRAINT.length > 0 &&
|
document.location.href.indexOf(".adobe.com") > 0){
|
if ( typeof(terms_SEARCH_THIS_HELP_ONLY) != "undefined" && terms_SEARCH_THIS_HELP_ONLY == "ON" ) {
|
document.write('<div id="searchscope"> \
|
<input onchange="setAHSearchPref();" \
|
class="gsa" \
|
name="gsa" \
|
id="gsa" \
|
type="checkbox" \
|
checked="checked" \
|
value="1" ><\/input>');
|
|
// Leave the "Search this help system only" checkbox unckecked
|
}else{
|
document.write('<div id="searchscope"> \
|
<input onchange="setAHSearchPref();" \
|
class="gsa" \
|
name="gsa" \
|
id="gsa" \
|
type="checkbox" \
|
value="1" ><\/input>');
|
}
|
document.write('<span class="gsalabel">' + terms_AHV_SEARCH_CONSTRAINT + '<\/span><\/div>');
|
}
|
document.write('<input class="searchinput" \
|
name="q" \
|
id="q" \
|
type="text" \
|
maxlength="256" \
|
value="' + terms_AHV_SEARCH_BUTTON + '" \
|
onclick="clearSearch()"><\/input><input \
|
type="button" \
|
name="searchbutton" \
|
class="searchbutton" \
|
onclick="submit()"><\/input>');
|
}
|
|
/*
|
* Start Functions
|
*/
|
function clearSearch(){
|
if (document.search.q.value == terms_AHV_SEARCH_BUTTON){document.search.q.value = ""};
|
}
|
|
// set search preferences
|
function setAHSearchPref(){
|
if (document.search.gsa.checked == 1){
|
setAHSearchCookie( dirname );
|
}else{
|
setAHSearchCookie( "community" );
|
}
|
}
|
|
// Set search preferences cookie
|
function setAHSearchCookie( p ){
|
// set cookie ah_searchpref with a value of the document path
|
var expire=new Date();
|
expire.setDate(expire.getDate()+365); // Cookie expires after 1 year (365 days)
|
document.cookie="ah_searchpref=" +p+ "; expires=" +expire.toGMTString()+ ";";
|
}
|
|
// ]]-->
|
</script>
|
</form>
|
<!-- END SEARCH CONTENT -->
|
|
|
|
<!-- BEGIN PAGE CONTENT WRAPPER -->
|
<div id="page_content_wrapper">
|
<!-- BEGIN PAGE WRAPPER -->
|
<table id="page_content_table">
|
<tr>
|
<!--#include virtual="recommendations_topic.ssi" -->
|
<td id="col2">
|
<!-- BEGIN CONTENT WRAPPER -->
|
<!-- BEGIN BREADCRUMBS -->
|
|
|
<div id="breadcrumb">
|
|
<ul class="navigation"><li class="prev"><a accesskey="p" class="prev" href="WSc3ff6d0ea77859461172e0811cbf364104-7ff2.html" title="Administering Security"><img src="images/blank.gif" alt="Previous" width="17" height="17" /></a></li><li class="next"><a accesskey="n" class="next" href="WSc3ff6d0ea77859461172e0811cbf363b95-7ffb.html" title="Using password protection"><img src="images/blank.gif" alt="Next" width="17" height="17" /></a></li></ul><div class="hierarchy" id="hierarchy"><a href="WSf01dbd23413dda0e51f089d212047ee7a02-8000.html"><b>Home</b></a> / <a href="WSf01dbd23413dda0e51f089d212047ee7a02-8000.html"><b>Configuring and Administering ColdFusion 10</b></a> / <a href="WSc3ff6d0ea77859461172e0811cbf364104-7ff2.html"><b>Administering Security</b></a>
|
</div>
|
|
</div>
|
<!-- END BREADCRUMBS -->
|
<div id="content_wrapper">
|
<!-- BEGIN PAGE TITLE -->
|
<h1>About ColdFusion security</h1>
|
<!-- END PAGE TITLE -->
|
<!-- BEGIN IONCOMMENTCOUNT -->
|
<div id="ionCount">
|
</div>
|
<!-- END IONCOMMENTCOUNT -->
|
<table id="inner_content_table" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td>
|
<div style="border-top:#ccc solid 1px;"><p> </p>
|
</div>
|
<!--#include virtual="contentheader.ssi" -->
|
|
<div><p>Security
|
is especially important in web-based applications, such as those
|
you develop in ColdFusion. ColdFusion developers and administrators
|
must fully understand the security risks that could affect their
|
development and runtime environments so they can enable and restrict
|
access appropriately.</p>
|
<div class="para">Whether you have an e-commerce site where customers enter credit
|
card information or a global collaboration site where users share
|
confidential data, you should understand the security risks that
|
could threaten your web applications.<ul><li><p><strong>Snooping and eavesdropping:</strong> Someone
|
can monitor data sent over the public connections of the web.</p>
|
</li>
|
<li><p><strong>User impersonation: </strong>Someone can impersonate a trusted
|
user to gain access to information that only the trusted user should
|
see or download.</p>
|
</li>
|
<li><p><strong>Unauthorized access: </strong>Unauthorized users can gain access
|
to sensitive information. This security risk is the most complex
|
because the Internet links every computer to one large network.
|
Completely allowing or disallowing access to a given system or data
|
source is relatively straight-forward, but allowing the partial
|
access required for an application to be useful remains risky. For example,
|
a bank can easily publish a public, freely accessible site with
|
general banking information. Creating an account maintenance site
|
where users have exclusive access to their own personal account
|
information is more difficult.</p>
|
</li>
|
</ul>
|
ColdFusion provides
|
a highly secure environment for web application development and
|
deployment. It helps you reduce security risks in the following
|
ways:<ul><li><p><strong>Encryption:</strong> Use of the Secure Sockets Layer
|
(SSL) protocol prevents snooping, eavesdropping, and message tampering
|
as information passes between clients and servers. SSL, which is
|
supported by most web servers, encrypts Internet protocols (such
|
as HTTP) with public key cryptography. A private key resides on
|
the server to decrypt inbound data and encrypt outbound data.</p>
|
<p>After
|
the key is installed, the web server automatically handles encryption
|
and decryption.</p>
|
</li>
|
<li><p><strong>Authentication:</strong> Authentication checks whether someone
|
is a valid system user. It prompts a user for a unique login or
|
user name, and a password or personal identification number (PIN).</p>
|
</li>
|
<li><p><strong>Access Control:</strong> Authenticated users have access to
|
particular features or components based on security clearance, group
|
affiliation, or other criteria specified by the developer.</p>
|
</li>
|
</ul>
|
</div>
|
<p>You can implement <i xmlns:fn="http://www.w3.org/2005/xpath-functions" xmlns:fo="http://www.w3.org/1999/XSL/Format" xmlns:xs="http://www.w3.org/2001/XMLSchema">development security </i>by requiring a
|
password to use the ColdFusion Administrator and a password for
|
Remote Development Services (RDS), which allows developers to develop
|
CFML pages remotely. You implement <i xmlns:fn="http://www.w3.org/2005/xpath-functions" xmlns:fo="http://www.w3.org/1999/XSL/Format" xmlns:xs="http://www.w3.org/2001/XMLSchema">runtime security </i>in your
|
CFML pages and in the ColdFusion Administrator. ColdFusion has the
|
following runtime security categories:</p>
|
<dl><dt class="dlterm">User security</dt>
|
<dd xmlns:fn="http://www.w3.org/2005/xpath-functions" xmlns:fo="http://www.w3.org/1999/XSL/Format" xmlns:xs="http://www.w3.org/2001/XMLSchema">Programmatically determine the logged-in user and allow or disallow
|
restricted functionality based on the roles assigned to that user.
|
For more information about user security, see ColdFusion security
|
features in Securing Applications in the <i>Developing ColdFusion Applications</i>.</dd><p class="dlseparator"></p><dt class="dlterm">Sandbox security</dt>
|
<dd xmlns:fn="http://www.w3.org/2005/xpath-functions" xmlns:fo="http://www.w3.org/1999/XSL/Format" xmlns:xs="http://www.w3.org/2001/XMLSchema">Using the ColdFusion Administrator, define the actions and resources
|
that the ColdFusion pages in and below a specified directory can
|
use.<div class="note"><span class="notetitle">Note: </span>If you have the Enterprise Edition of
|
ColdFusion, you can configure multiple security sandboxes. If you
|
have the Standard Edition of ColdFusion, you can only configure
|
a single security sandbox.</div>
|
<p>The Security area in the Administrator
|
lets you do the following tasks:</p>
|
<ul><li><p>Configure password
|
protection for the ColdFusion Administrator. For more information,
|
see <a href="WSc3ff6d0ea77859461172e0811cbf364104-7fca.html">ColdFusion Administrator password protection</a>.</p>
|
</li>
|
<li><p>Configure password protection for RDS access. For more information,
|
see <a href="WSc3ff6d0ea77859461172e0811cbf364104-7fc9.html">RDS password protection</a>.</p>
|
</li>
|
<li><p>Enable, disable, and customize ColdFusion security, on the
|
Security > Sandbox Security page (called Resource Security page
|
in the Standard edition). For more information, see <a href="WSc3ff6d0ea77859461172e0811cbf364104-7fc8.html">Using sandbox security</a>.</p>
|
</li>
|
</ul>
|
</dd><p class="dlseparator"></p></dl>
|
<ul class="navlinklist"></ul>
|
</div>
|
|
|
<!-- BEGIN USER PREFERENCES -->
|
<div id="userprefs">
|
</div>
|
<!-- END USER PREFERENCES -->
|
|
<div id="related">
|
|
|
<div class="separator"> </div>
|
</div>
|
<div id="footer">
|
<!-- BEGIN IONCOMMENTS -->
|
<div id="ionComHere">
|
</div>
|
<!-- END IONCOMMENTS -->
|
<!--#include virtual="/ssi/ionComments.ssi" -->
|
<p id="creativecommons"><a href="http://creativecommons.org/licenses/by-nc-sa/3.0/" id="creativecommons_text"><img id="creativecommons_img" src="images/CC.png" alt="This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License" /></a> Twitter™ and Facebook posts are not covered under the terms of Creative Commons.</p>
|
</div>
|
</td>
|
<td width="10px"></td>
|
<td id="inner_rightcolumn">
|
<!--#include virtual="rightcolumn.ssi" -->
|
</td></tr></table>
|
</div>
|
<!-- BEGIN BREADCRUMBS -->
|
<div id="breadcrumb">
|
|
<ul class="navigation"><li class="prev"><a accesskey="p" class="prev" href="WSc3ff6d0ea77859461172e0811cbf364104-7ff2.html" title="Administering Security"><img src="images/blank.gif" alt="Previous" width="17" height="17" /></a></li><li class="next"><a accesskey="n" class="next" href="WSc3ff6d0ea77859461172e0811cbf363b95-7ffb.html" title="Using password protection"><img src="images/blank.gif" alt="Next" width="17" height="17" /></a></li></ul><div class="hierarchy" id="hierarchy"><a href="WSf01dbd23413dda0e51f089d212047ee7a02-8000.html"><b>Home</b></a> / <a href="WSf01dbd23413dda0e51f089d212047ee7a02-8000.html"><b>Configuring and Administering ColdFusion 10</b></a> / <a href="WSc3ff6d0ea77859461172e0811cbf364104-7ff2.html"><b>Administering Security</b></a>
|
</div>
|
|
</div>
|
<!-- END BREADCRUMBS -->
|
<!-- END CONTENT WRAPPER -->
|
<!--#include virtual="contentfooter.ssi" -->
|
</td>
|
<td id="col3">
|
<div>
|
<img src="images/adobe-lq.png" />
|
</div>
|
</td>
|
</tr>
|
</table>
|
</div>
|
<!-- END PAGE CONTENT WRAPPER -->
|
<script type="text/javascript">
|
<!--[CDATA[
|
scrollToNameAnchor();
|
// ]]-->
|
</script>
|
<!--#include virtual="/en_US/ssi/productmenu.ssi" -->
|
<style>
|
#legal-notices{
|
margin:10px 40px;
|
font-size:11px;
|
}
|
</style>
|
|
<p id="legal-notices">
|
<script language="javascript">
|
var pageLoc = "en_US";
|
var metaElements = document.all ?
|
document.all.tags('meta') :
|
document.getElementsByTagName ?
|
document.getElementsByTagName ('meta') : new Array();
|
for (var m = 0; m < metaElements.length; m++) {
|
if (metaElements[m].name == "lang") {
|
pageLoc = metaElements[m].content;
|
break;
|
}
|
}
|
var ptn = /(..)-(..)/;
|
if (ptn.test(pageLoc)) {
|
var languageCode = pageLoc.replace(ptn, "$1");
|
var countryCode = pageLoc.replace(ptn, "$2");
|
pageLoc = languageCode + "_" + countryCode.toUpperCase();
|
}
|
|
var legalLoc = "en_US";
|
var legalText = "Legal Notices";
|
var legalPath = legalLoc;
|
var legalArray=[
|
"ar_AE", "إشعارات قانونية",
|
"bg_BG", "Юридически бележки",
|
"cs_CZ", "Právní upozornění",
|
"da_DK", "Juridiske meddelelser",
|
"de_DE", "Rechtliche Hinweise",
|
"el_GR", "Σημειώσεις νομικού περιεχομένου",
|
"es_ES", "Avisos legales",
|
"et_EE", "Juriidilised teated",
|
"fi_FI", "Lakisääteiset ilmoitukset",
|
"fr_FR", "Mentions légales",
|
"he_IL", "הצהרות משפטיות",
|
"hr_HR", "Pravne napomene",
|
"hu_HU", "Jogi közlemények",
|
"it_IT", "Informazioni legali",
|
"ja_JP", "法律上の注意",
|
"ko_KR", "법적 고지 사항",
|
"lt_LT", "Teisinės pastabos",
|
"lv_LV", "Juridisks paziņojums",
|
"nb_NO", "Juridiske merknader",
|
"nl_NL", "Juridische kennisgevingen",
|
"pl_PL", "Informacje prawne",
|
"pt_BR", "Aspectos jurídicos",
|
"ro_RO", "Prevederi legale",
|
"ru_RU", "Юридическая информация",
|
"sk_SK", "Právne upozornenie",
|
"sl_SI", "Pravni pouk",
|
"sv_SE", "Upphovsrätt",
|
"tr_TR", "Yasal uyarılar",
|
"uk_UA", "Юридична інформація",
|
"zh_CN", "法律声明",
|
"zh_TW", "法律注意事項"
|
];
|
|
for (var i = 0; i < legalArray.length; i+=2) {
|
if (pageLoc == legalArray[i]) {
|
legalLoc = pageLoc;
|
legalText = legalArray[i+1];
|
legalPath = legalLoc;
|
break;
|
}
|
}
|
document.write('<a target="_blank" href="http://help.adobe.com/'+legalPath+'/legalnotices/index.html">'+legalText+'</a>');
|
</script>
|
</p>
|
|
<!--#include virtual="/en_US/ssi/localfooter.ssi" -->
|
<!--#include virtual="footer.ssi" -->
|
<!--#include virtual="/ubi/analytics/analytics_ssi.html" -->
|
</body>
|
</html>
|
