Securing CFML Tags  
 
 

You secure CFML tags by first selecting CFML as a resource type when defining a security context. Then, when you open the Resource Rules page, ColdFusion offers CFML as a valid resource type for which you can define rules.

 
 
  To secure a CFML tag:  
 
  1. Make sure in your security context, that you have enabled security for the CFML resource type.
  2. On the Security context page, click Rules. The Resource Rules page appears for the current security context.
  3. Enter a rule name, and in the Resource Type list box, select CFML. Click Add when you're ready.
  4. On the Edit Resource Rule page, enter a description for the new rule.
  5. In the Tag Name list box, select the tag you want to define in the rule. The rule you are defining here forces ColdFusion to authorize the execution of the tag before executing it. If you do not select CFML as a secured resource type, all tags will execute without prior authorization.
  6. If applicable, select the action you want to add to the rule and click Apply.

Use this page to define a rule for specific tags or tag actions that are the exception. For example, in the following example, the READ action of the CFFILE tag is being explicitly defined so that, once this rule is associated with a particular user or group, ColdFusion will authorize the execution of this tag only when the associated user attempts to process a page containing this tag.

 
 
  Note  
 

To protect all of a tag's individual actions, select the all actions option in the Action list box.



 
 
BackUp LevelNext
 
 

allaire     AllaireDoc@allaire.com
    Copyright © 1998, Allaire Corporation. All rights reserved.