Status/Resolution/Reason: Closed/Won't Fix/
Reporter/Name(from Bugbase): nolan erck / nolan erck (nolan erck)
Created: 05/23/2013
Components: Installation/Config
Versions: 10.0
Failure Type: Enhancement Request
Found In Build/Fixed In Build: Final /
Priority/Frequency: Trivial / Unknown
Locale/System: English / Platforms All
Vote Count: 0
One of the common warnings about installing ColdFusion is "don't enable RDS on a Production server, as it opens up some security concerns." The only real difference between a Dev/QA server and a Production server is whether or not a serial # has been entered. We could combine these 2 things and make ColdFusion more secure.
Whenever a serial number is entered into a CF Server, automatically disable RDS at the same time (with the appropriate warning message on the screen, of course). Here's what I envision:
1. User installs CF Server.
2. If it's a Dev or QA server, no further action is needed. RDS may or may not be enabled, depending on what options were selected during installation.
3. If a serial # is added to the server, this means we're now dealing with a Production server. As soon as the serial # is added successfully, automatically disable RDS. This prevents RDS from being accidentally activated on Production boxes.
4. If a user really -does- want to go back later and re-enable RDS, allow them to do so, but only after clicking some sort of "are you really sure you want to do this?" message.
That way I -can- turn on RDS if need be (to debug an issue that only happens in Production, for example) but it's not activated in Production unless I explicitly asked to do so. Fewer ColdFusion machines running RDS unnecessarily, fewer security issues for the majority of the customers.
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3566375
External Customer Info:
External Company:
External Customer Name: NolanErck
External Customer Email:
External Test Config: My Hardware and Environment details:
Attachments:
Comments: