Advanced security capabilities provide the ultimate level control for protecting and deploying ColdFusion applications. You can control access to files, data sources and administration, and coordinate team development on shared, secure servers. You can also assign different degrees of ColdFusion Administrator access to specified users so that administrative tasks can be shared.
When you use Advanced Security, you and your developers can create complex rules to control access to functionality within applications. You can set up multiple levels of user access within an application, and confine applications to secure areas that restrict the access applications that have to directories, components, databases or other resources on the server. Developers then enforce security as they write code.
Advanced Security features incorporate combinations of rules, user directories and policies within specific contexts. You can access the various security elements in the ColdFusion Administrator by clicking Security>Security Configuration to see the Advanced Security page. It provides the following buttons:
Security Map — You can view and print a map that details all the components of your Advanced Security framework. For details, see About the Security Map.
User directories — These directories provide a listing of user information, such as the user's name, login password, and the names of any groups to which the user belongs. For details, see About user directories.
Security Contexts — A security context is a container for logically-related groups of policies. You can create and implement as many security contexts as your application or development environment requires. For details, see About security contexts.
Resources — You can protect ColdFusion resources, such as applications, Verity Collections, and custom tags, in a variety of ways. For details, see About protecting resources.
Security Sandboxes — The Enterprise Edition of ColdFusion provides security sandboxes, which automatically protect all the resources they contain by limiting access. For details, see About security sandboxes.