Configuring Administrator Security  
 
 

Security options in ColdFusion have been greatly enhanced in this release. There are now two levels of security you can implement: Basic and Advanced. With Basic Security, a password secures access to the ColdFusion Administrator and to files, directories, and data sources from ColdFusion Studio. Knowing these passwords gives you complete access to all resources and the all ColdFusion Administrator pages.

Advanced Security allows you to authenticate individual users and associate specific access rights based on user login or group association. ColdFusion Advanced Security gives you the ability to enforce security at a very granular level. For example, you can define security domains and policies that allow you to secure specific areas of the ColdFusion Administrator or specific ColdFusion resources, including the execution of specific ColdFusion tags. This security framework allows you to authenticate individual users, and, once authenticated, control access to a wide range of operations, such as adding or deleting data sources, setting server performance options and so on.

ColdFusion Security has three different operational contexts:

  • Runtime Security, where ColdFusion developers use the CFAUTHENTICATE tag to authenticate users accessing ColdFusion pages. Also, in situations where you are either hosting a ColdFusion application on your server, or deploying a ColdFusion application to a hosted server, all resources that fall within a specified directory location can be secured.
  • Remote Development Security (RDS), where developers accessing ColdFusion resources from Studio are authenticated prior to receiving authorization to access these resources
  • Administrator Security, where individual administrative operations, such as adding or removing a data source, changing ColdFusion server settings, or accessing security settings are secured against unauthorized access.

For detailed information about configuring security options in the ColdFusion Administrator, see Chapter 8, Configuring Basic Security.

For information about advanced security in ColdFusion, see Chapter 9, Configuring Advanced Security.

For more information about implementing runtime security measures, refer to Developing Web Applications with ColdFusion.



 
 
BackUp LevelNext
 
 

allaire     AllaireDoc@allaire.com
    Copyright © 1998, Allaire Corporation. All rights reserved.