RDS is used to allow developers direct access to ColdFusion data sources, cfm/cfc files, and some critical services. While helpful during development, it is imperative that RDS be disabled in your test or production environments to prevent access to sensitive assets.
Note that disabling the RDS service here may not sufficiently disable it in ColdFusion. Inspect the web.xml file within {CF-ROOT}/wwwroot/WEB-INF for the following servlet mapping. If found, remove it.

    <!--- begin RDS --->
    <servlet-mapping id="coldfusion_mapping_9">
        <servlet-name>RDSServlet</servlet-name>
        <url-pattern>/CFIDE/main/ide.cfm</url-pattern>
    </servlet-mapping>
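To confirm the mapping is really gone (removed or commented out) rather than checking by eye, the following added example, which is not part of the original page or of ColdFusion, parses a web.xml and reports any live RDSServlet mapping. The function names, the sample namespace and "OtherServlet" are assumptions made for the example.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Matches XML comments, including the "<!--- ... --->" style shown above,
# which a strict XML parser would otherwise reject.
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)

def local(tag):
    """Drop any '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def active_rds_mappings(web_xml_text, servlet_name="RDSServlet"):
    """Return the url-patterns of live (uncommented) mappings for servlet_name."""
    root = ET.fromstring(COMMENT_RE.sub("", web_xml_text))
    patterns = []
    for el in root.iter():
        if local(el.tag) != "servlet-mapping":
            continue
        names = [(c.text or "").strip() for c in el if local(c.tag) == "servlet-name"]
        if servlet_name in names:
            patterns += [(c.text or "").strip() for c in el if local(c.tag) == "url-pattern"]
    return patterns

# Constructed samples: the RDS mapping is the one quoted above; the namespace
# and "OtherServlet" are made up for the example.
SAMPLE_ENABLED = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <!--- begin RDS --->
  <servlet-mapping id="coldfusion_mapping_9">
    <servlet-name>RDSServlet</servlet-name>
    <url-pattern>/CFIDE/main/ide.cfm</url-pattern>
  </servlet-mapping>
</web-app>"""
SAMPLE_DISABLED = """<web-app>
  <!-- <servlet-mapping id="coldfusion_mapping_9">
    <servlet-name>RDSServlet</servlet-name>
    <url-pattern>/CFIDE/main/ide.cfm</url-pattern>
  </servlet-mapping> -->
  <servlet-mapping>
    <servlet-name>OtherServlet</servlet-name>
    <url-pattern>*.cfm</url-pattern>
  </servlet-mapping>
</web-app>"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_ENABLED
    hits = active_rds_mappings(text)
    print("RDS mapping still active:" if hits else "No active RDS mapping found.", *hits)
    sys.exit(1 if hits else 0)
```

Run it with the path to web.xml as the only argument; a non-zero exit status means an RDSServlet mapping is still present, which makes it usable as a deployment check.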
If you are using RDS in a development environment, be sure to set a strong password here.
Tip: Be sure to review our ColdFusion security recommendations to help secure your server.