Because the Basic and Advanced Security frameworks are mutually exclusive, you have to decide on the framework that is appropriate for your needs.
Notes
Basic Security activates during ColdFusion installation. If you activate Advanced Security, you override Basic Security settings except for tag restrictions. These restrictions remain in place.
If you disable both Basic and Advanced Security, anyone who has access to the ColdFusion Server can access resources and ColdFusion Administrator pages. Therefore, when you install ColdFusion, leave Basic Security passwords in place until you finalize and implement a security plan.
Security is never absolute. Technology evolves quickly and the Web is an environment that favors openness and access over privacy and security. Regularly review your security plan to be sure your requirements have not changed.
No security model is perfect for every application or development environment. For example, an intranet deployed only to employees from a server behind a company's firewall and an e-commerce site on the Web have different security plans. Weigh the costs and benefits of the security options in the context of your site requirements.
Trust is an important concept. How open you make your ColdFusion environment depends on whether you trust your users. Generally, the level of trust is inversely proportional to the level of security you have to implement. If you trust users, then you can probably create a less secure environment. If you mistrust users, implement a more complex and restrictive security plan.
Basic Security covers all phases of application development and deployment. It is a good solution for trusted users because it offers them a single access level.
Consider implementing Basic Security if you have legacy systems or other security models in place. It requires little support from you as the ColdFusion Server administrator. Choose a password that cannot be guessed easily, and change it regularly.
Developers, on the other hand, have to spend more time writing their applications when Basic Security is in place. Granular runtime access security is possible with Basic Security, but it involves custom development.
Advanced Security gives you a great deal of flexibility and control, but requires more time and effort to set up and maintain than Basic Security. Depending on how you implement it, Advanced Security can also affect performance when developers access resources from ColdFusion Studio or when users run ColdFusion applications.