Using password protection

ColdFusion Administrator password protection
Configurable seed for password encryption
RDS password protection

Password protection restricts access to the ColdFusion Administrator and to a ColdFusion server when you attempt access through RDS security.

ColdFusion Administrator password protection

Secure access to the ColdFusion Administrator is enabled by default. The password that you enter during installation is saved as the default. You are prompted to enter this password whenever you open the Administrator.

Password protection for accessing the Administrator helps guard against unauthorized modifications of ColdFusion, and Adobe recommends using passwords. You can disable or change the Administrator password on the Security > CF Admin Password page.

Configurable seed for password encryption

You can specify a new seed value to encrypt data source passwords.

To modify the default seed value assigned by ColdFusion or to change the value you specified,

In the ColdFusion Administrator, got to Security > Administrator and then in the Password Seed section, specify the new seed value between 8-500 characters.
Click Submit Changes.

Note: When you modify the seed value, all data source connections are reset. Therefore, Adobe recommends that you perform this task when the server is idle or at the initial phase (after installation).

RDS password protection

If you configured password protection for RDS access when you installed ColdFusion, you are prompted for the password when you attempt to access ColdFusion from Dreamweaver MX 2004, HomeSite+, or the ColdFusion Report Builder.

You can disable RDS or change the RDS password on the Security > RDS Password page.

Note: Disabling RDS also disables the applet that the ColdFusion Administrator uses in file-related dialog boxes.

If you use RDS security, you rely on web server and operating system security settings to set permissions for ColdFusion application and document directories.