User Guide
290 Administering ColdFusion Server
What is Advanced Security?
ColdFusion Server Professional and Enterprise editions include Advanced security
features that provide scalable, granular security for building and deploying your
ColdFusion applications:
• Application development — Control access to files, data sources and
administration for each developer on your team. Coordinate team
development on shared servers with the assurance that sensitive data and
applications are secure.
• Application deployment — Create complex rules to programmatically control
access to functionality within applications. Confine applications to secure areas
that can flexibly restrict the access applications have to directories,
components, databases or other resources on the server.
• Administration — Secure the ColdFusion Server Administrator against
unauthorized access and grant various levels of administrative access to
specified users.
It’s important to remember that, unlike Basic security, which automatically
password-protects your resources, Advanced security provides a security
framework that is not enforced automatically: developers must explicitly enforce
it in the applications they write. (In the Enterprise version of ColdFusion,
Advanced security does provide for security sandboxes, which automatically
protect the resources they contain.)
Note: If you haven’t already read Chapter 8, “ColdFusion Security,” take a few
minutes now to do so. That chapter discusses the differences between
Basic and Advanced security and helps you decide which type of security
is best for your ColdFusion environment.
Advanced Security Basics
All types of Advanced Security implement the following four elements. You may
recognize these terms if you’re at all familiar with discussions of Web, Java, or
distributed application security:
• User directories
• Resources
• Policies
• Security contexts
This section introduces these elements and describes how they work together to build
your Advanced Security framework. For detailed, hands-on instructions for actually
implementing an Advanced Security framework, see “Creating an Advanced Security
Framework” on page 297.