Configuring Administrator Security

ColdFusion Express Server offers one level of security: Basic security. Basic security allows you to secure the ColdFusion Administrator with a password.

To access Basic security settings in the ColdFusion Administrator, open the Server, Basic Security page.

If you upgrade to ColdFusion Professional or Enterprise edition, ColdFusion also offers Advanced security. Advanced security allows you to exercise a high degree of control over a wide range of ColdFusion resources, including CFML tags (and individual tag ACTION types), specific SQL operations, and other ColdFusion resources.

Installation defaults

The ColdFusion Administrator installs with secure access enabled. The password you enter as part of the setup is saved as the default, so that when you open the Administrator for the first time, you are prompted to enter the password. We recommend that you continue to use Administrator security until you complete the ColdFusion server configuration.

Disabling Administrator security

You can disable Basic security for the ColdFusion Administrator on the Server, Basic Security page. Once you've disabled this option, anyone can open the Administrator pages and make changes to ColdFusion Server settings.

Securing data sources

You can take the following measures to secure the data sources that you intend to use with ColdFusion Express:

Basic Security limitations

ColdFusion Basic security hinges on the protection of a single password per server. As long as the password is kept secret, unauthorized access to the Administrator and databases on the server is impossible. It's important to understand that this security model has two liabilities: