Use either of the two mutually exclusive security frameworks, Basic or Advanced, to protect ColdFusion application and deployment.
The Basic Security framework activates by default during ColdFusion installation. It secures the ColdFusion server in the following ways:
Application development — It protects access to data sources and files with passwords, and blocks access to some sensitive ColdFusion tags.
Application deployment — It prevents applications from executing several ColdFusion tags that could be used to update, delete or manipulate server files.
Administrative access — It protects access to ColdFusion Administrator pages with a password.
ColdFusion includes an Advanced Security framework. It provides scaleable, granular security in the following ways:
Application development — It controls access to files, data sources, and administration for each developer on your team. You coordinate team development on shared servers with the assurance that sensitive data and applications are secure.
Application deployment — It creates complex rules to programmatically control access to functionality within applications. You can set up multiple levels of user access within an application, and confine applications to secure areas that restrict the access applications have to directories, components, databases, or other resources on the server.
Administrative access — It assigns different degrees of administrative access to specified users.