Admin API Best Practices
The Admin API exposes the objects behind the ColdFusion Administrator to your own code, and through it to end users. Like all things ColdFusion, Macromedia makes this extremely powerful functionality easy to use. Administrators can even expose Admin API functions as Web services, enabling remote administration of ColdFusion servers from any client. That same convenience is why security must be the primary concern. Implement the following best practices when using the Admin API.
Admin API Configuration
- Control the Administrator and RDS passwords. Set strong Administrator and RDS passwords, and do not use the same string for both. Keep the passwords secret. Disable RDS on production systems.
- Secure the Admin API directory (/CFIDE/adminapi). Create sandboxes for all application directories, and enable access to the Admin API directory only for the custom admin console. Console code needs only read and execute permissions on the Admin API files and folders. Set operating system permissions on the directory as well: the ColdFusion user (usually LocalSystem on Windows, nobody on Unix) and the administrator (or root) account should have full control, while the Web server user and other authenticated users get read and execute access only. Allow access to the Admin API only through the custom console code.
Custom Console Coding Best Practices
A few custom console coding best practices:
- Write custom admin modules that mediate end-user access to the Admin API; end users should never call the Admin API components directly.
- Give console methods the same names as the Admin API methods they wrap, so there is no uncertainty about which API call each console method performs.
- Encrypt the custom console templates with cfcompile; see Chapter 6 for details on using cfcompile to encrypt ColdFusion templates.
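As an added example that is not part of the original page, the following custom console module shows the pattern the list above describes: a CFC that mediates end-user access to the Admin API datasource object, keeps the same method names as the Admin API methods it wraps, checks the caller's role, keeps the Administrator password on the server, and logs every call. The file name console/datasource.cfc, the role name dsnAdmin, the application.adminApiPassword variable and the adminconsole log file are assumptions; the object paths cfide.adminapi.administrator and cfide.adminapi.datasource and their login, logout, getDatasources and verifyDatasource methods are the standard Admin API ones, but verify their signatures against the Admin API documentation for your ColdFusion version.

```cfml
<!---
  console/datasource.cfc (hypothetical file name): a custom admin module that
  mediates end-user access to cfide.adminapi.datasource. This is an added
  example, not code from the page or from Macromedia.
  Assumptions: Application.cfc has already run <cflogin> for the calling user
  and assigned trusted users the "dsnAdmin" role, and has loaded the real
  Administrator password from a file outside the Web root into
  application.adminApiPassword. End users never supply or see that password.
--->
<cfcomponent output="false" hint="Custom console wrapper for the Admin API datasource object">

    <!--- Log in to the Admin API with the server-held password and return the administrator object. --->
    <cffunction name="adminLogin" access="private" returntype="any" output="false">
        <cfset var adminObj = createObject("component", "cfide.adminapi.administrator")>
        <cfset adminObj.login(application.adminApiPassword)>
        <cfreturn adminObj>
    </cffunction>

    <!--- Audit trail: who called which wrapped method, from where (written to adminconsole.log). --->
    <cffunction name="audit" access="private" returntype="void" output="false">
        <cfargument name="method" type="string" required="true">
        <cfargument name="detail" type="string" required="false" default="">
        <cflog file="adminconsole" type="information"
               text="#GetAuthUser()# called #arguments.method# #arguments.detail# from #cgi.remote_addr#">
    </cffunction>

    <!--- Same name as cfide.adminapi.datasource.getDatasources(); only dsnAdmin users may call it. --->
    <cffunction name="getDatasources" access="remote" returntype="struct" roles="dsnAdmin" output="false">
        <cfargument name="dsnName" type="string" required="false" default="">
        <cfset var adminObj = adminLogin()>
        <cfset var dsnObj = createObject("component", "cfide.adminapi.datasource")>
        <cfset var result = StructNew()>
        <cftry>
            <cfif Len(arguments.dsnName)>
                <cfset result = dsnObj.getDatasources(arguments.dsnName)>
            <cfelse>
                <cfset result = dsnObj.getDatasources()>
            </cfif>
            <cfset audit("getDatasources", arguments.dsnName)>
            <cfset adminObj.logout()>
            <cfcatch type="any">
                <!--- Always end the Admin API session, even on failure, then re-raise to the caller. --->
                <cfset adminObj.logout()>
                <cfrethrow>
            </cfcatch>
        </cftry>
        <cfreturn result>
    </cffunction>

    <!--- Same name as cfide.adminapi.datasource.verifyDatasource(); tests whether the DSN connects. --->
    <cffunction name="verifyDatasource" access="remote" returntype="boolean" roles="dsnAdmin" output="false">
        <cfargument name="dsnName" type="string" required="true">
        <cfset var adminObj = adminLogin()>
        <cfset var dsnObj = createObject("component", "cfide.adminapi.datasource")>
        <cfset var ok = false>
        <cftry>
            <cfset ok = dsnObj.verifyDatasource(arguments.dsnName)>
            <cfset audit("verifyDatasource", arguments.dsnName)>
            <cfset adminObj.logout()>
            <cfcatch type="any">
                <cfset adminObj.logout()>
                <cfrethrow>
            </cfcatch>
        </cftry>
        <cfreturn ok>
    </cffunction>

</cfcomponent>
```

The roles attribute on cffunction is enforced only when a cflogin session exists for the request, so the console's Application.cfc must authenticate every request (including Web service calls, which hit onRequestStart too) before any of these methods run. Combined with a sandbox that grants only this console read and execute rights on /CFIDE/adminapi, application code outside the console cannot reach the Admin API at all, and the Administrator password exists only in the protected file the application reads at startup.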