
Securing ColdFusion • Chapter 10 413
NOTE
Do not password-protect the CFIDE directory, as there are parts of it
that are used by some ColdFusion tags. Only password-protect the
administrator subdirectory.
A third potential security hole comes from one of the best features
of ColdFusion: the ColdFusion Studio Remote Development Service
(RDS).This feature allows anyone with both a version of ColdFusion
Studio and the proper password to connect to a machine remotely and
edit files as if they were local.This connection is partially governed by
HTTP and can be attacked in that way. An attempted crack of a RDS
password is much harder to do, because other protocols ...