User Guide

Chapter 5 Configuring Advanced Security
Advanced Security Implementations
The four elements discussed in the previous section (user directories, resources,
policies, and security contexts) are the building blocks of every type of security
framework you'll create. You can implement the following types of Advanced
Security:
User security: Secures functionality in a ColdFusion application. User security is
implemented in ColdFusion application pages by ColdFusion developers, and
offers runtime user authentication and authorization.
Remote Development Services (RDS) security: Controls a ColdFusion Studio
developer's access to ColdFusion resources, including data sources, files, and
directories.
Server sandbox security: Provides runtime security based on directory access at
hosted sites and is controlled by the ColdFusion administrator of a hosted site.
Administrator security: Secures the ColdFusion Server Administrator against
unauthorized access and lets you grant various levels of administrative access to
specified users.
This section describes these types of Advanced Security and explains when you'd use
each one. For step-by-step instructions for implementing Advanced Security
features, see "Creating an Advanced Security Framework" on page 88.
Securing applications with User security
User Security authenticates users in a ColdFusion application and then assigns
privileges based on the applicable ColdFusion security context.
For example, suppose you've used ColdFusion to build and host your company's
intranet. The Human Resources department maintains a page on the intranet where
all employees can access timely information about the company, like the latest
company policies, upcoming events, and job postings. You'd want everyone to be
able to read the information, but you'd only want certain authorized HR employees
to be able to add, update, or delete information. In addition, you might want to let
employees view customized information about their salaries, job levels, and
performance reviews. You certainly wouldn't want one employee to view sensitive
information about another employee, but you'd want managers to be able to see, and
possibly update, information about their direct reports. User Security lets you give
each employee an appropriate level of access to the HR data.
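The access rules in the HR scenario above, written out as a deny-by-default authorization check. This is an added example in Python, not ColdFusion code and not taken from this guide. The user names, the group names ("employees", "hr-editors"), the resource names ("hr-news", "hr-record"), and the choice to let managers update their direct reports' records are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset = frozenset()
    manager: Optional[str] = None   # name of the direct manager, if any

# Constructed sample user directory (all names and groups are hypothetical).
DIRECTORY = {u.name: u for u in (
    User("alice", frozenset({"employees", "hr-editors"})),
    User("bob", frozenset({"employees"}), manager="carol"),
    User("carol", frozenset({"employees"})),
    User("dave", frozenset({"employees"}), manager="erin"),
)}

def is_authorized(username, resource, action, owner=None):
    """Return True only when a rule below grants the action; deny otherwise.

    resource: "hr-news" (shared HR page) or "hr-record" (per-employee data).
    owner: for "hr-record", the employee the record belongs to.
    """
    user = DIRECTORY.get(username)
    if user is None or "employees" not in user.groups:
        return False                          # unknown user: no access at all
    if resource == "hr-news":
        if action == "read":
            return True                       # every employee may read
        if action in {"add", "update", "delete"}:
            return "hr-editors" in user.groups
        return False
    if resource == "hr-record":
        subject = DIRECTORY.get(owner)
        if subject is None:
            return False                      # no such record owner
        is_self = subject.name == user.name
        is_manager = subject.manager == user.name
        if action == "read":
            return is_self or is_manager      # own record or a direct report's
        if action == "update":
            return is_manager                 # assumption: managers only
        return False
    return False                              # unknown resource: deny by default
```

Every path that does not match an explicit grant returns False, so a new resource or action stays inaccessible until a rule is written for it.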
Note
This chapter describes the steps necessary to install Advanced Security features and set
up the security framework in the ColdFusion Administrator. Once you've put the
security framework in place, developers must code security features into their
ColdFusion applications. For information about coding secure applications, see
Developing Web Applications with ColdFusion.