About runtime security

Under Basic Security, application developers must address runtime security issues themselves, because Basic Security cannot authenticate users or authorize application access. (These abilities are part of the Advanced Security measures provided in the Enterprise edition of ColdFusion.)

A security hazard can arise from the use of some ColdFusion tags when multiple customers share a server, as is the case with ISP servers. For example, someone can use the cffile and cfdirectory tags to upload or manipulate files and directories on the server, and the cfcontent tag to download or delete files on the server.

However, Basic Security measures enable you to set ColdFusion tag restrictions. ColdFusion displays an error message at runtime when it encounters a restricted tag. For details, see Set ColdFusion tag restrictions.

After disabling tags, consider specifying a special directory called the Unsecured Tags Directory. ColdFusion executes restricted tags from this directory only.
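
Before restricting tags, it helps to know which existing templates would start raising the runtime error. The following is an added example, not part of the ColdFusion documentation: a Python audit that reports uses of the three tags named above in templates outside the Unsecured Tags Directory. The paths and sample templates are constructed, and treating subdirectories of the Unsecured Tags Directory as exempt is an assumption.

```python
import re
from pathlib import PurePosixPath

# The three tags this page names; extend to match your own restriction list.
RESTRICTED_TAGS = ("cffile", "cfdirectory", "cfcontent")
# CFML tag names are case-insensitive. The lookahead rejects longer names.
TAG_RE = re.compile(r"<(%s)(?=[\s/>])" % "|".join(RESTRICTED_TAGS), re.I)
# Innermost CFML comment: CFML comments nest, so strip from the inside out.
INNER_COMMENT_RE = re.compile(r"<!---(?:(?!<!---).)*?--->", re.S)


def find_restricted(source):
    """Return [(line, tag)] for restricted tags outside CFML comments."""
    previous = None
    while previous != source:
        previous = source
        # Keep the newlines so reported line numbers stay correct.
        source = INNER_COMMENT_RE.sub(
            lambda m: "\n" * m.group().count("\n"), source)
    return [(source.count("\n", 0, m.start()) + 1, m.group(1).lower())
            for m in TAG_RE.finditer(source)]


def audit(templates, unsecured_dir):
    """templates maps path -> CFML source; report hits outside unsecured_dir."""
    allowed = PurePosixPath(unsecured_dir)
    findings = []
    for path, source in sorted(templates.items()):
        # Assumption: templates anywhere beneath the directory are exempt.
        if allowed in PurePosixPath(path).parents:
            continue
        findings += [(path, line, tag) for line, tag in find_restricted(source)]
    return findings


# Constructed sample templates and paths, for illustration only.
SAMPLE = {
    "/sites/customer1/gallery.cfm":
        '<cfoutput>#title#</cfoutput>\n'
        '<!--- <cfdirectory action="list" directory="#dir#" name="q"> --->\n'
        '<CFFILE action="upload" filefield="photo" destination="#dir#">\n',
    "/sites/customer2/report.cfm":
        '<cfcontent type="text/plain" file="#f#" deletefile="yes">\n',
    "/sites/unsecured/cleanup.cfm":
        '<cffile action="delete" file="#f#">\n',
}

if __name__ == "__main__":
    for path, line, tag in audit(SAMPLE, "/sites/unsecured"):
        print(f"{path}:{line}: restricted tag <{tag}> outside unsecured dir")
```

The scan matches tag syntax only, so it complements the server-side tag restrictions and does not replace them.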
