Security Overview

Security options in ColdFusion have been greatly enhanced in this release. ColdFusion Server now supports several different types of Advanced Security:

Choosing Advanced Security in the ColdFusion Administrator overrides any settings you may have made in the Basic Security Administrator page.

Note

Advanced security is not currently supported in ColdFusion Server for Solaris.

Security Concepts

ColdFusion advanced security consists of the following elements:

Advanced Security Concepts

| Term | Description |
|---|---|
| Security contexts | At the top level of the security hierarchy, the security context is a kind of container in which rules, policies, and users are referenced. |
| Security rules | You use rules to define the access restrictions you want for a particular ColdFusion resource, such as defining which SQL statements are allowed to be executed against a specific data source or which CFML tag ACTIONS are restricted. |
| Users/groups | Individual users and groups are authenticated within a particular domain. A security domain can be a specified Windows NT domain or an LDAP directory. |
| User directories | Defines the mechanism to use when authenticating users. Available mechanisms are: a Windows NT domain, which authenticates users with accounts on the server you specify; an LDAP directory to store user and group account information. |
| Security policies | A policy associates specific users or groups with a set of resource restrictions that apply to these users. These restrictions are in the form of rules, such as allowing a particular user or group to execute a SQL UPDATE on a particular data source. |
| ColdFusion resources | ColdFusion resources are things like data sources, Verity collections, ColdFusion tags, custom tags, specific files and so on. |
| Security server | A hostname or IP address you specify where the security authentication and authorization services run. These services are used to authenticate individual users or groups. |
| Security sandboxes | A security framework established by applying a particular security context, with all that it contains, to a directory structure. Intended mainly to help ISPs hosting ColdFusion applications to partition application pages in individually secure areas. |

Implementation summary

ColdFusion advanced security is implemented by defining the following elements in order:

  1. A security server.
  2. A security context.
  3. A user directory, either an NT domain or an LDAP directory.
  4. Rules governing particular ColdFusion resources.
  5. Users and groups for whom the rules will apply.
  6. Policies that group users and rules together into logical elements.
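
The following Python sketch is an added illustration, not ColdFusion code or part of the original documentation. It models how a security context, its groups, rules and policies relate when an access decision is made. The class and function names, the sample users and data source, and the deny-by-default outcome are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:                      # access permitted on one ColdFusion resource
    resource_type: str           # e.g. "DataSource"
    resource_name: str
    actions: frozenset           # permitted actions, e.g. {"SELECT", "UPDATE"}

@dataclass
class Policy:                    # ties users/groups to a set of rules
    name: str
    principals: set
    rules: list

@dataclass
class SecurityContext:           # container for groups, rules and policies
    name: str
    groups: dict = field(default_factory=dict)   # group -> member user names
    policies: list = field(default_factory=list)

    def is_authorized(self, user, rtype, rname, action):
        # A user acts as itself plus every group it belongs to in this context.
        who = {user} | {g for g, m in self.groups.items() if user in m}
        for policy in self.policies:
            if not who & policy.principals:
                continue
            for rule in policy.rules:
                if ((rule.resource_type, rule.resource_name) == (rtype, rname)
                        and action.upper() in rule.actions):
                    return True
        return False             # assumption: no matching policy means no access

def build_sample_contexts():
    """Constructed sample data: two hosted sites, each with its own context."""
    site_a = SecurityContext(
        "site_a", groups={"editors": {"alice"}},
        policies=[Policy("order-editing", {"editors"},
                         [Rule("DataSource", "orders", frozenset({"SELECT", "UPDATE"}))])])
    site_b = SecurityContext(
        "site_b", groups={"editors": {"bob"}},
        policies=[Policy("read-only", {"editors"},
                         [Rule("DataSource", "orders", frozenset({"SELECT"}))])])
    return site_a, site_b

if __name__ == "__main__":
    a, b = build_sample_contexts()
    print(a.is_authorized("alice", "DataSource", "orders", "update"))
    print(b.is_authorized("alice", "DataSource", "orders", "select"))
```

Because each context carries its own groups and policies, a user authorized in one context gains nothing in another, which is the partitioning the sandbox entry describes.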

AllaireDoc@allaire.com
Copyright © 1998, Allaire Corporation. All rights reserved.