

Admin API Best Practices

The Admin API extends ColdFusion Administrator objects to end users. Like all things ColdFusion, Macromedia makes it easy to use this extremely powerful functionality. Administrators can even use the Admin API to expose administrative functions as Web services, enabling remote administration of ColdFusion servers from any client. As always, security should be the primary concern. Implement the following best practices for using the Admin API.

Admin API Configuration

  • Control the Administrator and RDS Passwords.

    Enable strong Administrator and RDS passwords; do not use the same string for both passwords.

    Keep the passwords secret.

    Disable RDS on production systems.

  • Secure the Admin API directory (/CFIDE/adminapi).

    Create sandboxes for all application directories, and only enable access to the Admin API directory for the custom admin console. Console code needs only read and execute permissions on the Admin API files and folders.

    Enable operating system permissions. The ColdFusion user (usually LocalSystem on Windows, nobody on Unix) and administrator (or root) accounts should have full control. Only allow read and execute access for the Web server user and other authenticated users.

    Only allow access to the Admin API through custom console code.
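One way to check the operating system permissions described above on a Unix host. This is an added example, not code from the book or from ColdFusion; the function name, the output labels, and the directory path passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example: audit Unix ownership and mode bits on the Admin API directory.
# Policy taken from the text: the ColdFusion account and the administrator
# account have full control; everyone else gets read and execute only.

# audit_adminapi DIR [CF_USER] [ADMIN_USER]
# Prints one finding per line and prints nothing when the tree matches.
# Defaults "nobody" and "root" are the Unix accounts named in the text.
audit_adminapi() {
    dir=$1
    cf_user=${2:-nobody}
    admin_user=${3:-root}

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 0
    fi

    # Group- or world-writable entries give the web server user and other
    # accounts more than read and execute. Symlinks are skipped because
    # their own mode bits are always rwxrwxrwx.
    find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/WRITABLE /'

    # Anything not owned by the ColdFusion or administrator account means a
    # third account holds owner-level control over Admin API code.
    find "$dir" ! -user "$cf_user" ! -user "$admin_user" -print |
        sed 's/^/OWNER /'
}

# Stand-alone use (the path is a placeholder for your web root):
#   sh audit_adminapi.sh /path/to/webroot/CFIDE/adminapi nobody root
if [ "$#" -ge 1 ]; then
    audit_adminapi "$@"
fi
```

An empty result means no entry under the directory is writable by group or others and every entry belongs to one of the two expected accounts.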

