Application Security  
 
 

ColdFusion also offers a security framework that lets you apply security to pages, applications, and users. First you use the Advanced Security page of the ColdFusion Administrator to set up a security context that governs access to resources for authenticated users. Then you use the CFAUTHENTICATE tag in your Application.cfm file to authenticate users.

For details and examples of securing your application pages, see the Application Security chapter in Advanced ColdFusion Development.

 
 
  Integrating with web server security  
 
 

If the application pages in your application are located in the Web server document directory, you can use your Web server's native authentication and encryption services to secure your ColdFusion application. Each Web server has a different way of configuring security settings, creating users and groups, and establishing privileges. Consult your Web server documentation for instructions on configuring your server's settings.

 
 
  Authentication  
 
 

In ColdFusion, you can use the CFAUTHENTICATE tag in the Application.cfm file to establish a security domain for your application. See the Application Security chapter in the Advanced ColdFusion Development book for information on using CFAUTHENTICATE to establish a user's authentication state.

You can also use your Web server's authentication system. When the Web server authenticates a user, it returns a unique variable that is available within your application page as the CGI environment parameter Auth_User. You can use this parameter to look up additional information about the user in a database. In general, it is more straightforward to simply organize your security on an application page level.
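
The following added example, which is not from the Allaire documentation, shows the Auth_User lookup described above. It assumes a ColdFusion release that supports CFQUERYPARAM and the STATUSCODE attribute of CFHEADER; the data source appDSN and the table and column names are hypothetical.

```cfml
<!--- Added example. "appDSN", "AppUsers", "LoginName", "FullName" and
      "Department" are hypothetical names, not part of the product. --->

<!--- Fail closed: if the Web server did not authenticate the request,
      Auth_User is empty and the page must not continue. --->
<cfif Len(Trim(CGI.AUTH_USER)) EQ 0>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Bind the user name as a query parameter instead of concatenating
      it into the SQL text, so its value cannot alter the statement. --->
<cfquery name="GetUser" datasource="appDSN">
    SELECT FullName, Department
    FROM AppUsers
    WHERE LoginName = <cfqueryparam value="#CGI.AUTH_USER#"
                                    cfsqltype="CF_SQL_VARCHAR"
                                    maxlength="64">
</cfquery>

<!--- A name the Web server accepted but the application does not know
      (zero rows), or an ambiguous match (more than one row), is rejected. --->
<cfif GetUser.RecordCount NEQ 1>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Escape database values before writing them into the page. --->
<cfoutput>
    Welcome, #HTMLEditFormat(GetUser.FullName)#
    (#HTMLEditFormat(GetUser.Department)#)
</cfoutput>
```

Some Web servers report Auth_User with a domain prefix, so the value stored in the lookup column has to match the form your server actually supplies.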

 
 
  Encryption  
 
 

ColdFusion offers two functions to encrypt strings in application pages: Encrypt() and Decrypt(). See the CFML Language Reference for information on using these functions.

Because ColdFusion returns Web pages to the Web server, you can also use your Web server's encryption technology to encrypt the pages in your applications. This is especially useful for commerce applications that require a higher level of security.

For more information on securing your application pages, see the Application Security chapter in the Advanced ColdFusion Development manual. Also, for information on using the security features in the ColdFusion Administrator, see the security chapters in Administering ColdFusion Server.



 
 
 
 

allaire     AllaireDoc@allaire.com
    Copyright © 1998, Allaire Corporation. All rights reserved.