
Overview of User Security

The advanced User Security feature allows ColdFusion developers to authenticate users and match protected resources with authorized users in ColdFusion application pages.

The User Security feature is composed of the following elements:

Advanced Security Concepts

Term: Description

Security contexts: At the top level of the security hierarchy, the security context is a kind of container in which rules, policies, and users are referenced.

Security rules: You use rules to define the access restrictions you want for a particular ColdFusion resource, such as defining which SQL statements are allowed to be executed against a specific data source or which CFML tag ACTIONS are restricted.

Users/groups: Individual users and groups are authenticated within a particular domain. A security directory can be a specified Windows NT domain or an LDAP directory.

User directories: Defines the mechanism to use when authenticating users. Available mechanisms are a Windows NT domain, which authenticates users with accounts on the server you specify, and an LDAP directory, which stores user and group account information.

Security policies: A policy associates specific users or groups with privileges to a set of restricted resources that these users have access to. These restrictions are in the form of rules, such as allowing a particular user or group to execute a SQL UPDATE on a particular data source.

ColdFusion resources: ColdFusion resources include data sources, Verity collections, ColdFusion tags, custom tags, specific files, and so on.

Security server: The hostname or IP address you specify for the machine where the security authentication and authorization services run. It is used to authenticate individual users or groups.

Security sandboxes: A security framework established by applying a particular security context, with all that it contains, to a directory structure. Intended mainly to help ISPs hosting ColdFusion applications to partition application pages into individually secure areas.

Implementation summary

To implement runtime user security for applications, you use the ColdFusion Administrator to

After the security framework is in place, you use the CFAUTHENTICATE tag in individual application pages (or the Application.cfm file) to authenticate users. The IsAuthenticated and IsAuthorized functions enable developers to offer or deny access based on the established security policies.

See the Example of User Authentication and Authorization in this chapter for code that shows how this works.
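
The authentication and authorization flow described above, as an added example that is not Allaire's own code. The names OrdersContext, OrdersDSN, login.cfm and the Orders table are hypothetical, and the resource type "DSN" and action "UPDATE" are assumed values for IsAuthorized that should be confirmed in the function reference for your ColdFusion version.

```cfml
<!--- Application.cfm: runs before every page in the application.
      OrdersContext, OrdersDSN and login.cfm are hypothetical names. --->
<CFIF NOT IsAuthenticated()>
  <!--- No credentials submitted yet: show the login form and stop. --->
  <CFIF NOT (IsDefined("Form.UserName") AND IsDefined("Form.Password"))>
    <CFINCLUDE TEMPLATE="login.cfm">
    <CFABORT>
  </CFIF>
  <CFTRY>
    <!--- Checks the credentials against the user directory of the context. --->
    <CFAUTHENTICATE SECURITYCONTEXT="OrdersContext"
                    USERNAME="#Form.UserName#"
                    PASSWORD="#Form.Password#"
                    SETCOOKIE="Yes"
                    THROWONFAILURE="Yes">
    <CFCATCH TYPE="Security">
      <!--- Fail closed, with one message for unknown user and bad password. --->
      <P>Login failed.</P>
      <CFINCLUDE TEMPLATE="login.cfm">
      <CFABORT>
    </CFCATCH>
  </CFTRY>
</CFIF>

<!--- ShipOrder.cfm (hypothetical page): reached only by authenticated users.
      The check below asks whether a policy in the security context grants
      this user the UPDATE rule on the data source. --->
<CFIF NOT IsAuthorized("DSN", "OrdersDSN", "UPDATE")>
  <P>You are not authorized to update orders.</P>
  <CFABORT>
</CFIF>

<!--- Val() coerces the submitted ID to a number, so non-numeric input
      becomes 0 instead of reaching the SQL statement as text. --->
<CFPARAM NAME="Form.OrderID" DEFAULT="0">
<CFQUERY NAME="ShipOrder" DATASOURCE="OrdersDSN">
  UPDATE Orders SET Status = 'Shipped'
  WHERE OrderID = #Val(Form.OrderID)#
</CFQUERY>
```

Both checks stop the page with CFABORT on failure, so a page that forgets its own IsAuthorized test still sits behind the Application.cfm authentication gate.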



AllaireDoc@allaire.com
Copyright © 1998, Allaire Corporation. All rights reserved.