Setting Up a Security Server
When setting up a Security server in a non-clustered environment, the Security server is the server hosting ColdFusion, where your ColdFusion programming resources, files, data sources, custom tags, Verity collections and so on, are found. In a clustered environment, you can define a single Security server in the cluster to handle all security authentication and authorization. In this case, the other servers in the cluster all point to the Security server to authenticate and authorize users and groups.
Note
You can only administer Advanced Security from the Security server.
To set up a security server:
- Open the ColdFusion Administrator. In the Server section, select the Advanced Security page.
- Select the Use Advanced Server Security check box. This enables you to set up a security context with policies, rules, and users.
- Enter the physical location of the security server and click Apply. By default, this is the localhost IP# 127.0.0.1. You can supply an IP address or a logical name that can be resolved to a physical address.
- Enter a Shared Secret, which is part of the encryption key that validates Advanced security transactions. Since the default is the same for all ColdFusion Server configurations, you should change the shared secret at least once.
- ColdFusion reserves the Authorization and Authentication ports to pass security information. Change the port number values only in the unlikely event that these ports are already in use by some other process on the specified server.
- Click to enable the Security Server Cache if you want ColdFusion to cache security information on the security server. This can improve performance since cached security data can be used instead of querying the security server for each operation. This cache is flushed every two hours.
- Click to enable the ColdFusion Server Cache option if you want ColdFusion to cache security transactions. Enabling this cache can help improve performance. This cache is flushed every two hours.
- Click to enable Security Sandbox Settings if you want to activate existing security sandbox settings. See Implementing Server Sandbox Security for more information.
You can also change the Refresh Interval setting, which determines how often a
cache gets flushed. Since both user session and rules use two cache buffers apiece,
if you set the refresh interval to 1 hour an entry will be cached for a minimum of 1
hour and a maximum of 2 hours.
The Maximum Cache Entries option sets the maximum number of entries for each
cache buffer. If you exceed the number, a warning is written to the server.log
file.
Next step: Identifying User Directories.
AllaireDoc@allaire.com
Copyright © 1998, Allaire Corporation. All rights reserved.