ColdFusion hosting is very popular these days. You will get many ColdFusion hosting providers these days and it is very difficult to decide which one is good for you. There are few questions will help you to decide who is a potential ColdFusion hosting provider. You should ask about pricing offered, security concerns over ColdFusion, features on the package being provided to you, resources of the package and the support provided to you.

SECURITY

Let’s start with the most important part security. Security is not for asked but comes in default with ColdFusion hosting. Below are few questions regarding security you should ask the provider, while going for a sign up. The way of their answer will give you an outline of the security levels for this service provider.

Is ColdFusion Enterprise Edition installed on the server I am hosted on?

Not necessary but it is preferable for going for a server hosted on a machine running on ColdFusion Enterprise Edition. This is because ColdFusion Enterprise Edition is the only version that will allow you to use the security feature Sandbox Security in ColdFusion. For example if you are hosted on a Shared server, you neither have knowledge nor do control over the code being run by other customers who are sharing your server. Now if Sandbox Security is not enabled, there is a probability of other account holders uploading all kind of malicious ColdFusion code and causing problems on your server. Using the tags like CFDIRECTORY and CFFILE you can access any file on the server. It also includes the one in your directory. Installing Sandbox Style security will help you to ban the access of other users into your directory. They will not be able to look behind their own web directory on the shared server.

Banned Tags on ColdFusion

There are several tags in ColdFusion that should be disabled in a shared hosting plan. Some of them are:

CFDIRECTORY and CFFILE: if each of the ColdFusion site on the server is has got his own Sandbox, it’s not compulsory to disable these tags. ColdFusion will ban these tags once the server is Sandboxed. Once banned any attempt to view or control files will all go in vain.

CFEXECUTE: this command is used on the server to execute programs via command line. A server, specifically running with ColdFusion as default configuration, writing script using CFEXCUTE to create a new Administrator account on the server. And a machine with such susceptibility is not preferred by customers for their servers.

CreateObject: it is used to create COM and JAVA objects that can compromise the security of the server. In ColdFusion you will get options to shutdown particular programs like CORBA, JAVA, WEBSRVICE and COM. These functions should be disabled on CreateObject, so they will not eat the room for CFC and other web services required.

CFREGISTRY: if your project requires CFREGISTRY to be enabled on the server, then it’s not suitable for the Shared Hosting Environment.

Custom tag folder disabled or enabled?

If the custom tag folder is disabled by the hosting provider then it’s good. While if the answer is no and the customs tag is enabled then you are running on a security risk. You can’t disable the custom tag folder and customers can avoid existing policies of sandbox causing a threat to your account.

JSP functionality?

One of the benefit of having a dedicated server is JSP or JavaServer Pages. With the help of ColdFusion JSP in included from J2EE application server running out of sight. So JSP is great when included on dedicated servers but when it comes for the shared machine, it will cause harm to security of your server as ColdFusion’s Sandbox Security is unable to restrict access to functionality which is exposed to JSP.

Remote Development Services (RDS) disabled or enabled?

When going for a Shared Hosting plan it’s better to have disabled RDS.

Is debugging enabled?

On a production server robust debugging is generally not preferred, for the user who receives an error, let it be intentional or by accident. Reason is because it can reveal sensitive portions of your source code SQL statements.

Access to the administrator on Cold Fusion is secured or not?

On a shared server Administrator API and CFIDE should never be available to various users on shared server.

PRICING

On an average rates for ColdFusion hosting ranges from $ 3.00 USD to $ 300 USD per moth, depending how rich the plan is on resources. All the hosting plans for ColdFusion hosting are not equal and their cost varies according to the features on the plan. Some of the features are allocated disk space, operating system type or e-mail accounts provided. Don’t get excited about the less expensive plans, this is not about a good deal but instead this indicates the provider is running older version of ColdFusion. One more reason for the low prices is that the provider has only installed only ColdFusion Professional Edition it has less features when compared to ColdFusion Enterprise Edition. There are many advantages of using ColdFusion Enterprise Edition over ColdFusion Professional Edition. Like Enterprise Edition can host multi-homed or shared servers and has many security measures. While on the other hand you can’t host multi homed or shared servers on Professional Edition and Sandbox Security is not offered on the server. Professional Edition may cost you between $40-60 USD.

SUPPORT

One more important thing is support, directly ask for the support when going for a sign up. Support will help you is something goes wrong on the server. You can ask for some additional features from the support like custom tags, DSN mappings, indexes and schedules. Commonly there are two kind of support system provided to the customers. First one is needs you to create a support ticket and wait for an administrator to verify your request. Other one is providing the customers a self-help method via customer control panel. It includes an automated request. Check the staff of the support team is knowledgeable about ColdFusion or not.

RESOURCES

On a shared server you are not just sharing disk space with other sites. Many other system resources are also shared like bandwidth, processing, and RAM availability. Find out the quota of the server first before going for a server.