From Adobe ColdFusion 11 Security Technical Implementation Guide
Part of SRG-APP-000172-AS-000120
Associated with: CCI-000197
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmission. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
Access the Administrator Console through a web browser. Look for indications that the communication is an https session through the prefix of https on the url and/or the lock icon, depending on the browser in use. If https does not appear to be in use, this is a finding.
Review the documentation for the web server where the Administrator Console is being hosted and setup https encryption to protect passwords during the authentication process.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer