Use the Advanced Security page to first enable and then configure your Advanced Security framework. You can also clear Server Security and ColdFusion Caches on this page.
In the ColdFusion Administrator navigation frame, click Security>Security Configuration. The Advanced Security page appears.
Enable the Use Advanced Server Security option by putting a check in the check box. Before you can configure any advanced features such as user directories and security contexts, you have to enable this feature.
Click Submit Changes. The Advanced Security page refreshes with a series of additional fields and buttons. The fields, which are categorized in frames for easy reference, enable you to configure your Advanced Security measures. The buttons enable you to perform functions such as connecting user directories or viewing a security map. To familiarize yourself with the Advanced Security page, see About the Advanced Security page.
To configure Advanced Security:
With Advanced Security enabled, the Advanced Security page has Security settings and function buttons.
Select Security Server Connection Settings as described in the following table:
Settings | Description | Default |
Security Server | Enter the physical location of the security server. The default value is the localhost IP number. If you need to change it, you can supply an IP address or a logical name that can be resolved to a physical address. | 127.0.0.1 |
Shared Secret | Enter a shared secret; this value is part of the encryption key that validates Advanced Security transactions. Because the default value is the same for all ColdFusion Server configurations, be sure to change the shared secret at least once. | ***** |
Authentication Port | The ColdFusion Administrator reserves the authentication port to pass security information. In the unlikely event that another process on the server uses the default port 44442, enter a different value. | 44442 |
Authorization Port | The ColdFusion Administrator reserves the authorization port to pass security information. In the unlikely event that another process on the server uses the default port 44443, enter a different value. | 44443 |
Timeout | Enter a timeout value in seconds for authorization. | 20 |
Use Security Sandbox Settings | If you plan to use security sandboxes, enable this option. | Disabled |
Select Security Server Caching settings as described in the following table:
Settings | Description | Default |
Use Security Cache | Enable this option if you want ColdFusion to cache security information and transactions on the security server. Caching security information can improve performance within your ColdFusion applications because ColdFusion can take security information from the cache instead of making calls to the database. | Enabled |
Load Policy Store Cache at Startup | Enable this option if you want to use the Policy Store Cache and load it every time you start ColdFusion services. The Policy Store Cache caches Advanced Security information. By default, the cache updates with administrative changes to the policy store once every minute. The information stored in this cache is used in determining whether a user is authorized for a resource. When this information is cached, ColdFusion does not have to make database calls to determine authorization. Therefore, performance is greatly improved without requiring a lot of information to be cached. The use of this cache provides the most noticeable performance improvements with Advanced Security. | Enabled |
Refresh Interval | Enter the number of minutes at which this cache should flush or clear. Enter a high number if the security data for your site does not change often. Enter a low number if your site changes access data regularly during the course of a day. | 0 |
Use Authorization Cache | Enable this option if you want to cache authorizations. The Authorization Cache caches each unique isAuthorized call. Because each isAuthorized call is tied to the user who made the call, the number of cached entries grows quickly in an application that has many users. The high overhead of this cache can hinder its performance improvements. Therefore, you should use the Load Policy Store Cache if you anticipate heavy usage of your protected applications. | Disabled |
Refresh Interval | Enter the number of minutes at which this cache should flush or clear. Enter a high number if the security data for your site does not change often. Enter a low number if your site changes access data regularly during the course of a day. | 0 |
Select ColdFusion Cache Settings as described in the following table:
Settings | Description | Default |
ColdFusion Authorization Cache | Enable this option if you want to use the ColdFusion Server Cache, which caches isAuthorized and isProtected requests. The advantage of using this cache is that it operates in the ColdFusion application server process space, so there is no interprocess call for a cached request. | Disabled |
Refresh Interval | Enter the number of minutes at which this cache should refresh. Enter a high number if the security data for your site does not change often. Enter a low number if your site changes access data regularly during the course of a day. | 120 |
Maximum Entries | Enter the maximum number of entries for this cache buffer. When the buffer fills to the maximum number, a warning message is written to the server.log file. | 1,000 |
ColdFusion Authentication Cache | This cache caches authentications; it is always activated. | Always On |
Refresh Interval | Enter the number of minutes at which this cache should refresh. Enter a high number if the security data for your site does not change often. Enter a low number if your site changes access data regularly during the course of a day. | 120 |
Maximum Entries | Enter the maximum number of entries for this cache buffer. When the buffer fills to the maximum number, a warning message is written to the server.log file. | 1,000 |
If you want to clear Security Server and Caches, click a button:
Authentication to clear authentication caches.
Authorization to clear authorization caches.
Flush All to clear all caches.
Decide whether to use the ColdFusion Administration Authentication option, as described in the following table:
Fields | Description | Default |
ColdFusion Administration Authentication | Enable this option if you want to assign ColdFusion Administrator privileges to different users. For details, see Secure the ColdFusion Administrator. When enabled, this feature overrides the Basic Server Security ColdFusion Administrator password. Note: Before you enable this option, define a user directory containing the users to whom you want to assign Administrator privileges. | Disabled |
Administrator | Enter the name of the user who is defined in the user directory you created for the purpose of ColdFusion Administration. | Blank |
User Directory | From the drop-down list, select the user directory that you created for the purpose of ColdFusion Administration. After the ColdFusion Administration Authentication takes effect, you see prompts for the username and password of this directory when you attempt to open the ColdFusion Administrator. If you log in as a different user, you do not see the Security Configuration link in the Administrator. | Blank |
Decide whether to use the ColdFusion Studio Authentication option, as described in the following table:
Fields | Description | Default |
Use ColdFusion Studio Authentication | Enable this option if you want to limit ColdFusion Studio access to a specific set of files or data sources based on username and password authentication. When enabled, this feature overrides the Basic Server Security ColdFusion Administrator password. Note: Before you can use this option, you have to define a user directory containing the users to whom you want to assign ColdFusion Studio privileges, create a security context for the application, specify resources to protect, and create policies that match secured resources with authorized users. | Disabled |
Security Context | From the drop-down list, select the security context you created for the purpose of ColdFusion Studio Authentication. After the ColdFusion Studio Authorization takes effect, developers working in ColdFusion Studio connect to the ColdFusion Server and access resources according to the rules and policies associated with their logins. | Blank |
Click Submit Changes.
Optionally, you can click a button to view your security map, connect user directories, register security contexts, secure resources, and register security sandboxes.
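The refresh-interval and maximum-entries settings in the cache tables above trade performance against how quickly a permission change takes effect. The following Python sketch is an added example, not ColdFusion code: it models a cache keyed per isAuthorized call and flushed on a fixed interval, to show how long a revoked permission can still be answered from cache and how quickly per-user entries reach the 1,000-entry limit. The class and function names, the user and resource names, and the behaviour once the buffer is full are assumptions made for illustration.

```python
# Added example: a simplified model, not ColdFusion's implementation.
class AuthorizationCache:
    """Caches each unique isAuthorized call; flushes all entries every refresh_minutes."""

    def __init__(self, policy_lookup, refresh_minutes=120, max_entries=1000):
        self.policy_lookup = policy_lookup  # stands in for the policy store query
        self.refresh_minutes = refresh_minutes
        self.max_entries = max_entries
        self.entries = {}
        self.last_flush = 0
        self.warnings = 0  # the page says a full buffer logs a warning to server.log

    def is_authorized(self, now, user, resource, action):
        if now - self.last_flush >= self.refresh_minutes:
            self.entries.clear()
            self.last_flush = now
        key = (user, resource, action)  # tied to the calling user, as the page notes
        if key in self.entries:
            return self.entries[key]  # answered without consulting the policy store
        decision = self.policy_lookup(now, user, resource, action)
        if len(self.entries) >= self.max_entries:
            self.warnings += 1  # assumption: the decision is served but not cached
        else:
            self.entries[key] = decision
        return decision


def stale_minutes(refresh_minutes, revoke_at, horizon=300):
    """Minutes after revocation during which the cache still answers 'authorized'."""
    policy = lambda now, user, resource, action: now < revoke_at
    cache = AuthorizationCache(policy, refresh_minutes)
    stale = 0
    for now in range(horizon):  # one request per minute from a hypothetical user
        allowed = cache.is_authorized(now, "alice", "reports.cfm", "read")
        if now >= revoke_at and allowed:
            stale += 1
    return stale


def cache_pressure(users, resources, max_entries=1000):
    """(entries cached, warnings raised) when every user requests every resource."""
    cache = AuthorizationCache(lambda *args: True, max_entries=max_entries)
    for u in range(users):
        for r in range(resources):
            cache.is_authorized(0, f"user{u}", f"page{r}.cfm", "read")
    return len(cache.entries), cache.warnings
```

In this model a permission revoked at minute 11 is still honoured for 109 minutes with a 120-minute interval and for 4 minutes with a 5-minute interval, and 50 users touching 30 resources fill the buffer and raise 500 warnings.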