> Is there anyway to have multiple users for RDS in CF 5 or is 
> the password set for studio the only password available to use 
> for RDS?

You have a couple of options to allow multiple users.

One is to use Advanced Security to secure RDS access. The other is to
configure web server authentication on RDS connections. I'll pass on
describing the first one (Jochem van Dieten is probably the best source of
info for that on this list), but here's the second:

All RDS access from CF Studion consists of GET requests for
/CFIDE/Main/ide.cfm. So, if you set the permissions on that file and/or
configure the web server to require a login rather than using anonymous
access, the Studio user will be prompted with a browser authentication
prompt.

If you're using IIS, simply set the appropriate NT permissions on the Main
directory, then configure IIS to use either Basic or NTLM/Windows
Authentication, and before CF Studio users get the CF password prompt,
they'll get the web server prompt.

However, if you do this with CF 5, there's a little issue; it's really a bug
of sorts, although minor. The CF 5 install creates the Main directory in the
web root, instead of within the CFIDE directory (which is where Studio's
looking for it). By default, on IIS, however, if a request for a CFM file is
received, IIS immediately passes it to CF, which checks to see if the
request is for /CFIDE/Main/ide.cfm. If it is, the request is immediately
passed to RDS, otherwise it's passed to the CF Server. Now, the key issue
here is that IIS doesn't check for the file's existence before passing the
request to CF. So, to use web server authentication with CF 5 RDS on IIS,
you have to move the Main directory into your CFIDE directory - and you have
to ensure that EVERY virtual server has a directory mapping so that
/CFIDE/Main/ide.cfm resolves to an actual file! Alternatively, you can
enable the option for the CF ISAPI extension so that it checks for the
existence of the file before passing it to CF, but that imposes extra
overhead.

Again, since I'm feeling pretty good, I'll mention that this issue is
covered in depth in the new Fig Leaf Software course, "Securing ColdFusion
Servers on Windows".

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to