Configure Advanced Security

Use the Advanced Security page to first enable and then configure your Advanced Security framework. You can also clear Server Security and ColdFusion Caches on this page.


To enable Advanced Security:

  1. In the ColdFusion Administrator navigation frame, click Security>Security Configuration. The Advanced Security page appears.

  2. Enable the Use Advanced Server Security option by putting a check in the check box. Before you can configure any advanced features such as user directories and security contexts, you have to enable this feature.

  3. Click Submit Changes. The Advanced Security page refreshes with a series of additional fields and buttons. The fields, which are categorized in frames for easy reference, enable you to configure your Advanced Security measures. The buttons enable you to perform functions such as connecting user directories or viewing a security map. To familiarize yourself with the Advanced Security page, see About the Advanced Security page.


To configure Advanced Security:

  1. With Advanced Security enabled, the Advanced Security page has Security settings and function buttons.

  2. Select Security Server Connection Settings as described in the following table (each entry lists the setting, its description, and its default):

     Security Server
        Enter the physical location of the security server. The default value is the localhost IP address. If you need to change it, you can supply an IP address or a logical name that can be resolved to a physical address.
        Default: 127.0.0.1

     Shared Secret
        Enter a shared secret; this value is part of the encryption key that validates Advanced Security transactions. Because the default value is the same for all ColdFusion Server configurations, be sure to change the shared secret at least once.
        Default: *****

     Authentication Port
        The ColdFusion Administrator reserves the authentication port to pass security information. In the unlikely event that another process on the server uses the default port 44442, enter a different value.
        Default: 44442

     Authorization Port
        The ColdFusion Administrator reserves the authorization port to pass security information. In the unlikely event that another process on the server uses the default port 44443, enter a different value.
        Default: 44443

     Timeout
        Enter a timeout value in seconds for authorization.
        Default: 20

     Use Security Sandbox Settings
        If you plan to use security sandboxes, enable this option.
        Default: Disabled

  3. Select Security Server Caching settings as described in the following table (each entry lists the setting, its description, and its default):

     Use Security Cache
        Enable this option if you want ColdFusion to cache security information and transactions on the security server.

        Caching security information can improve performance within your ColdFusion applications because ColdFusion can take security information from the cache instead of making calls to the database.
        Default: Enabled

     Load Policy Store Cache at Startup
        Enable this option if you want to use the Policy Store Cache and load it every time you start ColdFusion services.

        The Policy Store Cache caches Advanced Security information. By default, the cache updates with administrative changes to the policy store once every minute. The information stored in this cache is used to determine whether a user is authorized for a resource.

        When this information is cached, ColdFusion does not have to make database calls to determine authorization. Therefore, performance is greatly improved without requiring a lot of information to be cached. This cache provides the most noticeable performance improvement with Advanced Security.
        Default: Enabled

     Refresh Interval
        Enter the number of minutes at which this cache should flush or clear. Enter a high number if the security data for your site does not change often. Enter a low number if your site changes access data regularly during the course of a day.
        Default: 0

     Use Authorization Cache
        Enable this option if you want to cache authorizations. The Authorization Cache caches each unique isAuthorized call. Because each isAuthorized call is tied to the user who made the call, the number of cached entries grows quickly in an application that has many users. The high overhead of this cache can offset its performance improvements. Therefore, use the Load Policy Store Cache instead if you anticipate heavy usage of your protected applications.
        Default: Disabled

     Refresh Interval
        Enter the number of minutes at which this cache should flush or clear. Enter a high number if the security data for your site does not change often. Enter a low number if your site changes access data regularly during the course of a day.
        Default: 0

  4. Select ColdFusion Cache Settings as described in the following table (each entry lists the setting, its description, and its default):

     ColdFusion Authorization Cache
        Enable this option if you want to use the ColdFusion Server Cache, which caches isAuthorized and isProtected requests. The advantage of using this cache is that it operates in the ColdFusion application server process space, so there is no interprocess call for cached requests.
        Default: Disabled

     Refresh Interval
        Enter the number of minutes at which this cache should refresh. Enter a high number if the security data for your site does not change often. Enter a low number if your site changes access data regularly during the course of a day.
        Default: 120

     Maximum Entries
        Enter the maximum number of entries for this cache buffer. When the buffer fills to the maximum number, a warning message is written to the server.log file.
        Default: 1,000

     ColdFusion Authentication Cache
        This cache caches authentications; it is always activated.
        Default: Always On

     Refresh Interval
        Enter the number of minutes at which this cache should refresh. Enter a high number if the security data for your site does not change often. Enter a low number if your site changes access data regularly during the course of a day.
        Default: 120

     Maximum Entries
        Enter the maximum number of entries for this cache buffer. When the buffer fills to the maximum number, a warning message is written to the server.log file.
        Default: 1,000
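The caching behaviour described in the two tables above (an authorization cache keyed per user, cleared on its refresh interval or by the clear buttons, and capped by Maximum Entries) carries a practical caveat: a decision cached before an access change stays in force until the interval elapses or the cache is cleared. The following is an added Python model written for this page, not ColdFusion's own code; the class, the policy dictionary and the user names are constructed for illustration, and the refresh interval is simplified to a per-entry age.

```python
import logging

log = logging.getLogger("server.log")  # stands in for the server.log warning on the page

class AuthorizationCache:
    def __init__(self, refresh_interval_min, max_entries, authorize):
        self.ttl = refresh_interval_min * 60   # refresh interval in seconds
        self.max_entries = max_entries
        self.authorize = authorize             # the real policy-store lookup
        self.entries = {}                      # (user, resource, action) -> (result, cached_at)
        self.lookups = 0                       # calls that reached the policy store

    def is_authorized(self, user, resource, action, now):
        key = (user, resource, action)
        hit = self.entries.get(key)
        if hit is not None and now - hit[1] < self.ttl:
            return hit[0]                      # served from cache even if policy changed since
        self.lookups += 1
        result = self.authorize(user, resource, action)
        if key not in self.entries and len(self.entries) >= self.max_entries:
            log.warning("authorization cache full (%d entries)", self.max_entries)
            return result                      # not cached: each further call costs a lookup
        self.entries[key] = (result, now)
        return result

    def flush(self):
        self.entries.clear()                   # the Authorization clear button on the page

def staleness_demo():
    """Revoke access after it was cached; returns (before, stale, after_flush, lookups)."""
    policy = {"alice": {"/reports"}}           # constructed policy store: user -> resources
    cache = AuthorizationCache(120, 1000, lambda u, r, a: r in policy.get(u, set()))
    before = cache.is_authorized("alice", "/reports", "read", now=0)
    policy["alice"].discard("/reports")        # an administrator revokes alice's access
    stale = cache.is_authorized("alice", "/reports", "read", now=60)   # one minute later
    cache.flush()
    fresh = cache.is_authorized("alice", "/reports", "read", now=61)
    return before, stale, fresh, cache.lookups

def overflow_demo(max_entries=3):
    """Exceed Maximum Entries; returns how many entries the cache actually kept."""
    cache = AuthorizationCache(120, max_entries, lambda u, r, a: True)
    for n in range(max_entries + 2):           # one distinct user per call
        cache.is_authorized(f"user{n}", "/reports", "read", now=0)
    return len(cache.entries)
```

The stale result in staleness_demo is why a low Refresh Interval, or an explicit clear after changing access data, matters on sites where permissions change during the day.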

  5. To clear the Security Server and ColdFusion caches, click one of these buttons:

     Authentication    clears the authentication caches.
     Authorization     clears the authorization caches.
     Flush All         clears all caches.

  6. Decide whether to use the ColdFusion Administration Authentication option, as described in the following table (each entry lists the field, its description, and its default):

     Use ColdFusion Administration Authentication
        Enable this option if you want to assign ColdFusion Administrator privileges to different users. For details, see Secure the ColdFusion Administrator. When enabled, this feature overrides the Basic Server Security ColdFusion Administrator password.

        Note: Before you enable this option, define a user directory containing the users to whom you want to assign Administrator privileges.
        Default: Disabled

     Administrator
        Enter the name of the user who is defined in the user directory you created for the purpose of ColdFusion Administration.
        Default: Blank

     User Directory
        From the drop-down list, select the user directory that you created for the purpose of ColdFusion Administration.

        After ColdFusion Administration Authentication takes effect, you are prompted for the username and password of a user in this directory when you attempt to open the ColdFusion Administrator. If you log in as a different user, you do not see the Security Configuration link in the Administrator.
        Default: Blank

  7. Decide whether to use the ColdFusion Studio Authentication option, as described in the following table (each entry lists the field, its description, and its default):

     Use ColdFusion Studio Authentication
        Enable this option if you want to limit ColdFusion Studio access to a specific set of files or data sources, based on username and password authentication. When enabled, this feature overrides the Basic Server Security ColdFusion Administrator password.

        Note: Before you can use this option, you have to define a user directory containing the users to whom you want to assign ColdFusion Studio privileges, create a security context for the application, specify resources to protect, and create policies that match secured resources with authorized users.
        Default: Disabled

     Security Context
        From the drop-down list, select the security context you created for the purpose of ColdFusion Studio Authentication.

        After ColdFusion Studio Authentication takes effect, developers working in ColdFusion Studio connect to the ColdFusion Server and access resources according to the rules and policies associated with their logins.
        Default: Blank

  8. Click Submit Changes.

  9. Optionally, click a button to view your security map, connect user directories, register security contexts, secure resources, or register security sandboxes.

Related topics