CFUNITED – The premier ColdFusion conference CFMX7 Admin API Nate Nelson

Slides:



Advertisements
Similar presentations
ESafe Reporter V3.0 eSafe Learning and Certification Program February 2007.
Advertisements

Fast Track to ColdFusion 9. Getting Started with ColdFusion Understanding Dynamic Web Pages ColdFusion Benchmark Introducing the ColdFusion Language Introducing.
NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.
Chapter 6: Hostile Code Guide to Computer Network Security.
Understanding and Managing WebSphere V5
Enterprise Reporting with Reporting Services SQL Server 2005 Donald Farmer Group Program Manager Microsoft Corporation.
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
OU Campus Intermediate Training Workshop. Agenda Administrator Overview and Roles Administrator Controls Administrator Configuration Setting Up Access.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
The powerful capabilities of JBoss Middleware as cloud based services on OpenShift. Build applications. Integrate with other systems Orchestrate using.
Membership in ASP.Net...if only Presented by: Patrick Hynds President, CriticalSites Microsoft Regional Director.
ColdFusion MX Server Administration J2EE Deployment and Clustering Adam Wayne Lehman J2EE Deployment and Clustering Adam Wayne.
JRun 4 & Macromedia MX Tommy Reilly JRun Engineer.
Real World Examples – Part II 7/26/2013Miro Remias, Sr. Solution Architect.
Oracle Application Express 3.0 Joel R. Kallman Software Development Manager.
Software Architecture for ColdFusion Developers Unit 4: Application Events and Global Variables.
What’s New in CF 8 Admin MDCFUG 8/14/2007 Ajay Sathuluri Sr. Web and Database Engineer TeraTech Inc.
Data File Access API : Under the Hood Simon Horwith CTO Etrilogy Ltd.
Security Planning and Administrative Delegation Lesson 6.
LogBox Enterprise Logging Brad Wood
Transfer 101 Dan Vega. 2www.cfunited.com About Me Programmer ColdFusion / Flex / AS3 / HTML / JS / CSS / Groovy & Grails Cleveland ColdFusion.
1 ® Copyright 2009 Adobe Systems Incorporated. All rights reserved. Adobe confidential. 1 Building Portlets with ColdFusion Pete Freitag Foundeo, Inc.
Phone: Mega AS Consulting Ltd © 2007  CAT – the problem & the solution  Using the CAT - Administrator  Mega.
March 12 & 13, 2007 IIS 7.0 for CFML Developers Deploying on IIS 7.0 with Adobe ColdFusion and New.
The Future of ColdFusion Christian Cantrell ell.
Security Planning and Administrative Delegation Lesson 6.
CFUNITED – The premier ColdFusion conference ColdFusion Components Ajay Sathuluri Based on presentation.
Access control 2/18/2009. TOMCAT Security Model Declarative Security:  the expression of application security external to the application, and it allows.
Theo Rushin, Jr. Senior Web Application Developer World Singles and DoubleBlack Technologies 12/26/
London Connected Systems User Group – Feb “Instrument and Diagnose your BizTalk Solution in an efficient Way” Saravana Kumar BizTalk Server MVP.
8 Copyright © 2004, Oracle. All rights reserved. Making the Model Secure.
Module 6: Administering Reporting Services. Overview Server Administration Performance and Reliability Monitoring Database Administration Security Administration.
Securing Web Applications Lesson 4B / Slide 1 of 34 J2EE Web Components Pre-assessment Questions 1. Identify the correct return type returned by the doStartTag()
Unit 7 ITT TECHNICAL INSTITUTE NT1330 Client-Server Networking II Date: 2/3/2016 Instructor: Williams Obinkyereh.
Windows Server 2003 SP1 Technical Overview John Howard, IT Pro Evangelist, Microsoft UK
© 2014 IBM Corporation Mobile Customization & Administration IBM Connections 5.0 Workshop Author: Paul Godby IBM Ecosystem Development Duration: 30 minutes.
Michael Mast Senior Architect Applications Technology Oracle Corporation.
CFUNITED – The premier ColdFusion conference Flex 2.0 and ColdFusion Integration – 101 Nahuel Foronda Laura Arguello.
ColdFusion and SMS Kevin Schmidt. June 27 th - 30 th 2007www.cfunited.com What is SMS? Short Message Service (SMS) Secure, reliable, virtually everywhere.
CFUNITED – The premier ColdFusion conference David Epler Constella Group Choices: The Other ColdFusion Servers.
CFUNITED – The premier ColdFusion conference ColdFusion Application Security The Top Ten Most Critical Web Application Security Vulnerabilities.
CFUNITED – The premier ColdFusion conference Using Event Gateways with CFMX7 By Jeff Tapper Tapper.net Consulting.
Leveraging ColdSpring to build a robust Flex applications Chris Scott, Cynergy Systems.
Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th,
CFUNITED – The premier ColdFusion conference Undocumented CFMX Nate Nelson.
CFUNITED – The premier ColdFusion conference Creating and Consuming Web Services with CFML Charlie Arehart
Portfolio Analyzer Extender v. 1240
Xerox Analyst Training
BioLock (Biometric Home Entry System)
A Free, Open Source ColdFusion Content Management System
Advanced Regular Expressions
Business Connectivity Services in SharePoint 2010 and Office 2010
Sarge Sr. Technical Support Engineer Adobe Systems
Creating Novell Portal Services Gadgets: An Architectural Overview
HOW TO SETUP BELKIN ROUTER?. STEP 1: You need to start from connecting the hardware.You need to unplug your modem from the power source. If you cannot.
HOW TO SETUP CISCO ROUTER?. STEP 1: You need to start from connecting the hardware.You need to unplug your modem from the power source. If you cannot.
HOW TO SETUP DLINK ROUTER?. STEP 1: You need to start from connecting the hardware.You need to unplug your modem from the power source. If you cannot.
HOW TO SETUP NETGEAR ROUTER?. STEP 1: You need to start from connecting the hardware.You need to unplug your modem from the power source. If you cannot.
April Webinar: Advanced Configuration of Order Forms in Workflow
Building a CF Administrator Interface in Flex
ColdFusion Performance Troubleshooting and Tuning
Nate Nelson I*LEVEL, Inc.
Navigating GP Security
Leveraging ColdSpring To Make Better Applications
JAAS AuthN Tokens in uPortal and Beyond
SQL Server 2005 Reporting Services
Security Planning and Administrative Delegation
3rd Party Widgets & Custom Code
Getting Started With LastPass Enterprise
Creating and Consuming Web Services with CFML
Presentation transcript:

CFUNITED – The premier ColdFusion conference CFMX7 Admin API Nate Nelson

June 28 th – July 1 st 2006 Agenda  What is it?  Security Implications  Using the Admin API  Best Practices

June 28 th – July 1 st 2006 What is it?  ColdFusion MX 7 introduces programmatic access to most ColdFusion Administrator functionality.  The Administrator API (Admin API) is a set of ColdFusion Components (CFCs).  These CFCs have methods that allow completion of Administrator tasks without accessing the ColdFusion Administrator

June 28 th – July 1 st 2006 Where is it and What does it do?  cf_web_root/CFIDE/adminapi/  The CFCs represent the functional areas of the Administrator  Server Settings, Data & Services, Debugging & Logging, Extensions, Event Gateways, Security, and Enterprise Manager.

June 28 th – July 1 st 2006 The CFC’s  administrator.cfc. Login, logout, management of settings in the Migration and Setup Wizard. You must call the login method before calling any other methods in the Admin API.  base.cfc. The base object with common methods (such as dump) inherited by all other Admin API CFCs. This component should not be accessed directly. Its methods are available via the other components.

June 28 th – July 1 st 2006 The CFC’s  datasource.cfc. Provides ColdFusion data sources management.  debugging.cfc. Provides management of settings for ColdFusion debugging and logging.  eventgateway.cfc. Provides event gateway management.

June 28 th – July 1 st 2006 The CFC’s  extensions.cfc. Provides custom tags, ColdFusion mappings, CFXs, applets, CORBA, and Web services management.  mail.cfc. Provides management of ColdFusion mail settings.  runtime.cfc. Provides management of runtime settings for caching, charting, configuration, etc.

June 28 th – July 1 st 2006 The CFC’s  security.cfc. Provides management of Administrator and RDS passwords, and sandbox security.  serverinstance.cfc. Starts, stops, and restarts JRun server instances. Only available for ColdFusion MX 7 Multiserver configuration.

June 28 th – July 1 st 2006 Security  Soon after ColdFusion MX was released, developers learned how to access the ColdFusion ServiceFactory object, by using CreateObject() and calls to coldfusion.server.ServiceFactory.  This Java object gives developers complete access to all ColdFusion server objects, including the Data Source, Licensing, Runtime, and Security Services.

June 28 th – July 1 st 2006 Security  The intent of the ColdFusion Admin API is to solve the challenge of extending ColdFusion Administrator functionality to developers/users without compromising security or exposing direct access to the ServiceFactory.

June 28 th – July 1 st 2006 Security Risks  Unauthorized access by hackers.  Malicious use by rogue developers.  Unintentional damage to systemwide settings.  Inadvertent disclosure of sensitive server information.

June 28 th – July 1 st 2006 Security  ColdFusion Administrator Security must be enabled in order to secure the Admin API with the Administrator password. If this is disabled, both the ColdFusion Administrator and Admin API are left wide open.  The login() method of the administrator.cfc provides access control. You must authenticate with login() before using any methods of the other API components.  Admin Password: strong string, say a minimum eight characters of mixed-case, alphanumeric, and special characters.

June 28 th – July 1 st 2006 Using the Admin API  Use Component Browser Utility  ls/componentdoc.cfm ls/componentdoc.cfm

June 28 th – July 1 st 2006 Using the Admin API <!--- INITIALIZE ADMIN API -  request.CFADMIN_PASSWORD = "password"; request.adminObj = createObject("Component", "cfide.adminapi.administrator"); request.adminObj.login(request.CFADMIN_PASSWORD); //NOW Call the object to be used request.debuggingObj = createObject("component", "cfide.adminapi.debugging"); //NOW Call the method to be used request.debuggingObj.setIP(ipAddress);

June 28 th – July 1 st 2006 Best Practices  Control the Administrator/RDSPassword  Secure the AdminAPIdirectory /CFIDE/adminapi  Code custom admin modules providing end- user access to the Admin API  No access to the security.cfc or runtime.cfc.  Limit access to serverwide settings  Don’t hardcode Admin Password

June 28 th – July 1 st 2006 Usage for Blue Dragon 

June 28 th – July 1 st 2006 QA  ???  Nate Nelson 

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.