Security Overview

Security options in ColdFusion have been greatly enhanced in this release. ColdFusion Server now supports several different types of Advanced Security:

  • User security -- Implemented in ColdFusion application pages by the ColdFusion developer. User security offers runtime user authentication and authorization. See Implementing User Security and Developing Web Applications with ColdFusion for more information.
  • Remote Development Security (RDS) -- Developers accessing server resources through ColdFusion Studio are authenticated before they receive access to protected resources. See Developing Web Applications with ColdFusion for more information about RDS.
  • Server sandbox security -- Controlled by the ColdFusion administrator of a hosted site; offers runtime security based on directory access at hosted sites (ColdFusion Enterprise only). See Implementing Server Sandbox Security for more information.
  • Administrator security -- Individual administrative operations can be secured against unauthorized access.

Choosing Advanced Security in the ColdFusion Administrator overrides any settings you may have made in the Basic Security Administrator page.

  Note

Advanced security is not currently supported in ColdFusion Server for Solaris.

  Security Concepts

ColdFusion advanced security consists of the following elements:

Advanced Security Concepts

  • Security contexts -- At the top level of the security hierarchy, the security context is a kind of container in which rules, policies, and users are referenced.
  • Security rules -- You use rules to define the access restrictions you want for a particular ColdFusion resource, such as which SQL statements may be executed against a specific data source or which CFML tag ACTIONS are restricted.
  • Users/groups -- Individual users and groups are authenticated within a particular domain. A security domain can be a specified Windows NT domain or an LDAP directory.
  • User directories -- Define the mechanism used to authenticate users. Two mechanisms are available: a Windows NT domain, which authenticates users against accounts on the server you specify, or an LDAP directory, which stores user and group account information.
  • Security policies -- A policy associates specific users or groups with the set of resource restrictions that apply to them. These restrictions are expressed as rules, such as allowing a particular user or group to execute a SQL UPDATE on a particular data source.
  • ColdFusion resources -- ColdFusion resources are things like data sources, Verity collections, ColdFusion tags, custom tags, specific files, and so on.
  • Security server -- A hostname or IP address you specify where the security authentication and authorization services run. These services are used to authenticate individual users or groups.
  • Security sandboxes -- A security framework established by applying a particular security context, with all that it contains, to a directory structure. Intended mainly to help ISPs hosting ColdFusion applications partition application pages into individually secure areas.

  Implementation summary

ColdFusion advanced security is implemented by defining the following elements in order:

  1. A security server.
  2. A security context.
  3. A user directory, either an NT domain or an LDAP directory.
  4. Rules governing particular ColdFusion resources.
  5. Users and groups for whom the rules will apply.
  6. Policies that group users and rules together into logical elements.
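Once the administrator has defined these elements, application pages consult them at runtime through the user security tags and functions mentioned above. The following is an added example, not code from the Allaire documentation: it assumes the ColdFusion Advanced Security API (the CFAUTHENTICATE tag and the IsAuthenticated() and IsAuthorized() functions), and the security context name "OrdersContext", the data source "Orders", the policy granting UPDATE on it, and the login.cfm form are placeholders that would have to exist in the Administrator and the application.

```cfml
<!--- Application.cfm (added example; not from the Allaire documentation).
      Placeholders: security context "OrdersContext", data source "Orders",
      and login.cfm are assumed to have been defined in the Administrator
      and the application. --->
<CFAPPLICATION NAME="OrdersApp">

<CFIF NOT IsAuthenticated()>
  <!--- Credentials posted from login.cfm: authenticate against the security
        context. THROWONFAILURE="No" lets this page handle a bad login itself
        instead of raising a Security exception. --->
  <CFIF IsDefined("Form.UserName") AND IsDefined("Form.Password")>
    <CFAUTHENTICATE SECURITYCONTEXT="OrdersContext"
                    USERNAME="#Form.UserName#"
                    PASSWORD="#Form.Password#"
                    SETCOOKIE="Yes"
                    THROWONFAILURE="No">
  </CFIF>

  <!--- Still not authenticated: show the login form and stop processing
        the requested page so nothing below it runs for an anonymous user. --->
  <CFIF NOT IsAuthenticated()>
    <CFINCLUDE TEMPLATE="login.cfm">
    <CFABORT>
  </CFIF>
</CFIF>


<!--- updateorder.cfm: authorization is checked per resource and action.
      IsAuthorized consults the rules bound to the caller's policy in the
      security context, so a user whose policy grants only SELECT on the
      "Orders" data source is refused here even though the data source
      itself is reachable. --->
<CFIF IsAuthorized("DataSource", "Orders", "UPDATE")>
  <CFQUERY NAME="ShipOrder" DATASOURCE="Orders">
    UPDATE Orders
    SET    Status = 'Shipped'
    WHERE  OrderID = #Val(Form.OrderID)#
  </CFQUERY>
  <CFOUTPUT><P>Order #Val(Form.OrderID)# marked as shipped.</P></CFOUTPUT>
<CFELSE>
  <!--- Deny explicitly; never fall through to the query. --->
  <CFOUTPUT><P>You are not authorized to update orders.</P></CFOUTPUT>
</CFIF>
```

The authentication check lives in Application.cfm so that every page in the application inherits it, while the authorization check sits next to the operation it guards, matching the rule/policy granularity described in the concepts above (a rule on a specific data source and SQL action). These page-level checks complement rather than replace server sandbox security: the sandbox restricts what a directory's pages can reach regardless of what the developer writes, whereas IsAuthorized only governs the code paths the developer wraps in it.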


 
 
Allaire    AllaireDoc@allaire.com
    Copyright © 1998, Allaire Corporation. All rights reserved.