During the install process, the installer will try to create a mapping called FuseTalkForums. This automatic process may fail do to several reasons (i.e. Sandbox security is enabled on your website and you don't have access to the CFOBJECT tag). To verify if the mapping has been properly created you should do the following.

A. Login to your ColdFusion administrator and go to the mappings section. B. If the FuseTalkForums mapping doesn't exists, create it. C. If it does exists double check the path. The following is a clarification on what the path should be. A FuseTalk installation has several directories, some of which are "com", "forum", "globaladmin", and "install". The mapping needs to point to the directory which FuseTalk had been extracted in. If my directory structure is c:\inetpub\wwwroot\fusetalk\com, c:\inetpub\wwwroot\fusetalk\forum etc my mapping should be c:\inetpub\wwwroot\fusetalk. D. Once you are certain that the mapping is OK edit the following files with a text editor. forum\include\ini\webroot.cfm and globaladmin\include\ini\webroot.cfm. Ensure that the first line of the code is this:

We recommend that you enter the username and password of the database in the datasource information of the ColdFusion administrator. This is more secure since ColdFusion encrypts the password before inserting it in the registry. If, for some reason, you cannot put your database credentials in the ColdFusion datasource you can enter it in the datasouce.cfm templates.

Since the installer has attempted to edit the datasource.cfm templates for you it will have inserted the database credentials that you supplied in step 1 of the install process. This means that it will insert the sa/dbo credentials. This might, or might not be an issue but it should be noted. We recommend that you create a non-dbo user to run FuseTalk.

If you decided to create a "regular" user for FuseTalk ensure that he has insert, delete, update and select access to all tables of the database.

FuseTalk stores several cookies on the user's browser. One of these cookies is used to keep the FuseTalk state alive. This cookie is only issued when you logged and its value allows FuseTalk to know who you are at all times. Unless specified by the user the cookie is deleted when the browser is closed, but the user has the option to remember the cookie. This means that the cookie and the value are stored on the user's hard drive. Because of this reason we encrypt the value of the cookie. Here is the reason why.

If the value of the cookie was not encrypted, I could login to the forum and ask FuseTalk to remember my cookie for future use. I could then proceed to close all my browsers and change the value of the cookie to a value which will log you in as the administrator. The next time I would hit FuseTalk, if I had successfully edit the cookie FuseTalk would think I am the administrator of the forum. Alas, hackers, we have thought of a way to prevent you from doing this by encrypting the cookie. Although encryption is a good start it is not perfect. This is the reason why we let the administrators choose their own key. This should be done prior to any interaction with the forum and is highly recommended.

What will changing the key do for you? If you don't change the key a hacker could feasibly create a program to encrypt a value using the FuseTalk default key and insert that value into the cookie it received from FuseTalk as explained above. If the value of the key is proprietary to your forums, nobody will have access to it but you and it will then become practically impossible to use cookies to "hack" your forums.

Although no security issues have been detected if you leave those directories in the root of FuseTalk it is recommend that you remove them. In case there were some issues, your installation will not be susceptible to them.

To do this click on the Settings Main Settings Menu option. The following are explanation for a few key settings.

Community URL: This is the URL to your FuseTalk installation. If the "com", "forum", and "globaladmin" directories are located at http://dominic.fusetalk.com/fusetalk, then http://dominic.fusetalk.com/fusetalk should be the value of this setting. Server URL: In this case the value of this setting should be http://dominic.fusetalk.com. SMTP Server Details: For various mail operations FuseTalk requires a smtp server. If your SMTP server requires or accepts a username and password it should be inputted. Allow Special Characters in Username: This setting should almost always stay to "No". This setting prevents any characters but alphanumeric characters to be used as a username. Why is this important? If for example I my username is dplouffe, somebody could create a user called dplouffe . Since a web broser will covert the to a space ("dominic ") users reading the forums will not be able to differentiate between both users.