Securing RDS
As mentioned, RDS offers great benefits to developers; however, these services also introduce new security risks. To deal with this, ColdFusion offers a development security model, discussed in Chapter 8, "ColdFusion Security Options." It is always recommended to disable RDS access on production servers.
Enabling RDS Password Security
ColdFusion restricts RDS access via Dreamweaver, HomeSite+, the ColdFusion ReportBuilder, and ColdFusion Studio with password security. This combined protection is enabled by default and secured using the password entered during installation.
Use the following steps to enable password protection, as shown in Figure 10.1:
1. In the RDS Password page, enable Use an RDS Password for Dreamweaver, HomeSite+, or the ColdFusion ReportBuilder.
2. In the New Password text box, enter a password (up to 50 characters).
3. Confirm your new password in the Confirm Password text box.
4. Click Submit Changes to save the password. If you make a mistake and enter passwords that do not match, you'll see an error message.
Figure 10.1. Enable the RDS Password in the ColdFusion Administrator's RDS Password screen.

Disabling RDS on Production Servers
ColdFusion implements RDS as a servlet mapped in the web.xml file. It is strongly recommended that server administrators disable the RDS services on servers that are not being explicitly used for development, and on servers that do not require remote access to files and databases.
CAUTION
Administrators should be aware that disabling the RDS services will also disable several Java applets in the ColdFusion Administrator, including the applet used to configure a file-based data source. If this functionality is required, you'll have to temporarily enable RDS, modify the server configuration, and disable RDS again.
To disable RDS in ColdFusion, do the following:
1. Stop ColdFusion.
2. Back up the web.xml file. On Windows, the path is cf_root\wwwroot\WEB-INF\web.xml. On Unix systems, the path is cf_root/wwwroot/WEB-INF/web.xml. For the multiserver and J2EE configurations, the path is cf_root/WEB-INF/web.xml.
3. Open the original file in an editor, and comment out the RDSServlet mapping as shown in Figure 10.2:
Figure 10.2. Use a text editor to comment out the RDSServlet servlet mapping in the web.xml file.
4. Restart ColdFusion.
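One way to confirm the edit before restarting is to parse web.xml and list any RDSServlet mapping that is still live. This is an added example, not code from the book or from ColdFusion; the sample descriptor, its servlet class and its url-pattern are constructed placeholders, and only the servlet name RDSServlet comes from the text above.

```python
"""Report whether a ColdFusion web.xml still has an active RDSServlet mapping."""
import sys
import xml.etree.ElementTree as ET

SERVLET_NAME = "RDSServlet"  # servlet name as given on the page

# Constructed sample descriptor; the class and url-pattern are placeholders,
# not values from a real ColdFusion install.
SAMPLE_ENABLED = """<web-app>
  <servlet>
    <servlet-name>RDSServlet</servlet-name>
    <servlet-class>example.PlaceholderServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>RDSServlet</servlet-name>
    <url-pattern>/example/rds-endpoint</url-pattern>
  </servlet-mapping>
</web-app>"""
# Same descriptor with the mapping wrapped in an XML comment (the step 3 edit).
SAMPLE_DISABLED = (SAMPLE_ENABLED
                   .replace("<servlet-mapping>", "<!-- <servlet-mapping>")
                   .replace("</servlet-mapping>", "</servlet-mapping> -->"))


def _local(tag):
    """Drop any XML namespace so DTD- and schema-based descriptors both match."""
    return tag.rsplit("}", 1)[-1]


def active_rds_mappings(web_xml):
    """Return the url-patterns of live servlet-mapping elements for RDSServlet.

    The parser discards comments, so a commented-out mapping is not returned.
    Raises ET.ParseError if the edit left the file malformed (for example an
    unclosed comment), which would also stop the descriptor from loading.
    """
    patterns = []
    for elem in ET.fromstring(web_xml).iter():
        if _local(elem.tag) != "servlet-mapping":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in elem}
        if fields.get("servlet-name") == SERVLET_NAME:
            patterns.append(fields.get("url-pattern", ""))
    return patterns


if __name__ == "__main__":
    # Usage: python check_rds.py path/to/web.xml  (no path: check the sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DISABLED
    live = active_rds_mappings(data)
    print("RDS mapping still active:" if live else "No active RDS mapping", *live)
    sys.exit(1 if live else 0)
```

The script exits non-zero when a mapping is still active, so it can gate a deployment step on production servers.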