Advanced ColdFusion Administration
Configuring Basic Security

Configuring Basic Runtime Security

Basic security lets you disable execution of seven CFML tags that could present security hazards. You can, however, specify a special directory, called the Unsecured Tags Directory; this is the only directory from which ColdFusion will execute tags you disable with Basic security. Tags you disable with Basic security remain disabled if you switch to Advanced security.

To restrict tag execution

1. Open the ColdFusion Administrator and click the Security link at the top of the navigation bar.

   

2. Click the Tag Restrictions link.
3. On the Tag Restrictions page, clear the check box that appears in front of each tag you want to disable. You can block execution of the following tags:
   • cfcontent
   • cfdirectory
   • cffile
   • cfobject
   • cfregistry
   • cfadminsecurity
   • cfexecute
   • cfftp
   • cflog
   • cfmail
   • The cfquery dbtype = dynamic attribute
   • The connectString attribute, available in the cfgridupdate, cfinsert, cfquery, cfstoredproc, and cfupdate tags.
4. Click the Submit Changes button.
5. To specify a directory from which otherwise blocked tags can be executed, enter a fully qualified path (using forward slashes) in the Unsecured Tags Directory field. By default, this is the directory in which the ColdFusion Administrator is installed.

ColdFusion displays an error message when it encounters a restricted tag in an application. For more information about these tags, see to the CFML Reference.

Copyright © 2001, Macromedia Inc. All rights reserved.

---