Advanced ColdFusion Administration
Configuring Basic Security
ColdFusion Remote Development Services (RDS)
ColdFusion RDS is a component of ColdFusion Server used by the ColdFusion Administrator and ColdFusion Studio to provide remote HTTP-based access to files and databases. You can use RDS to manage ColdFusion Studio access to files and databases on a server hosting ColdFusion.
RDS provides both Basic and Advanced security services for ColdFusion, allowing you to configure the level of security you need for your situation. For more information, see Chapter 5, "Configuring Advanced Security".
Basic security options managed by RDS can be found in the Administrator Server, Basic Security page, where you will find options for defining passwords and securing a subset of ColdFusion tags.
Basic security limitations
ColdFusion Basic security hinges on the protection of a single password per server. So long as the password is kept secret, unauthorized access to the files and databases on the server is impossible. It is important to understand that this security model has two liabilities:
- Password vulnerability. The password can be lost, stolen, or hacked.
- Generalized access control. Remote developers have access either to all files and data sources or to none. With Basic security, you can't protect individual directories or databases.
Securing ColdFusion file resources
The following table shows how ColdFusion Basic security compares with native OS options available to you in securing files for remote development:
| Method | Description | Security Model |
|---|---|---|
| LAN-based | Uses the native file system to provide access to local and network drives. | Access is determined by the network permissions of the user logged in to the workstation where Studio is being run. |
| FTP-based | Connects to an FTP server running on the same machine as the target Web server. | Permissions are defined using the native security of the FTP server software. |
| RDS-based | Interacts with the remote file system using RDS on the target ColdFusion Server. | Files on the target server can be secured with the ColdFusion Studio password. |
Securing ColdFusion data sources
The following table shows how ColdFusion Basic security can be configured to secure ColdFusion data sources:
| Method | Description | Security Model |
|---|---|---|
| Basic security is enabled on the local workstation. | Data sources are accessed through RDS on the local ColdFusion Server. | Data sources that are accessible to the user locally are accessible through ColdFusion Studio. |
| Basic security is enabled on the remote server. | Data sources are accessed through RDS on the remote ColdFusion Server. | Data sources that are accessible to ColdFusion Server are accessible remotely via ColdFusion Studio. |
By using a LAN-based file access model and by restricting developer data source access to the local workstation, a very secure development environment can be achieved.
Copyright © 2001, Macromedia Inc. All rights reserved.