Implementing User Security  
 
 

The User Security feature allows ColdFusion developers to authenticate users and match protected resources with authorized users. User Security consists of several parts:

  • The Security Context defines the scope, or the security domain, of protected resources.
  • Rules define access permissions for a particular resource.
  • Policies match rules to users and user groups. They protect ColdFusion resources and explicitly allow access to users.
  • User Directories can be NT Domains or LDAP servers.

To implement runtime user security for applications, you use the ColdFusion Administrator to set up the security server, create a security context for your application, and set up rules and policies that match secured resources with authorized users. See Setting Up a Security Server for details on setting up the security server.

After the security framework is in place, you use the CFAUTHENTICATE tag in individual application pages (or the Application.cfm file) to authenticate users. The IsAuthenticated and IsAuthorized functions enable developers to offer or deny access based on the established security policies. See the CFML Language Reference for more information on IsAuthenticated and IsAuthorized.



 
 
BackUp LevelNext
 
 

allaire     AllaireDoc@allaire.com
    Copyright © 1998, Allaire Corporation. All rights reserved.