User Guide

88 Chapter 5 Configuring Advanced Security

Creating an Advanced Security Framework

No matter which Advanced Security feature you choose to implement—user security,

RDS security, a security sandbox, or administrator security—you’ll follow the same

basic steps for creating the framework:

1 Set up the security server. See “Setting Up a Security Server” on page89 for more

information.

2 Set up user directories to authenticate against an NT domain, an LDAP directory,

or an ODBC data source. See “Defining User Directories” on page92 for more

information.

3 Create a security context for the application. See “Defining a Security Context” on

page 95 for more information.

4 Specify rules and policies to protect resources with authorized users and groups.

See “Specifying Resources to Protect” on page 96 for more information.

The rest of this chapter teaches you how to configure Advanced security on the

ColdFusion server.

Implementation summary

The details of your ColdFusion Server Advanced Security implementation depend

largely on your platform and how you decide to store security policy information.

Security policy information can be stored in one of three ways:

• Using the Access database file supplied by default with ColdFusion Server

(Windows only)

• Using the ODBC data source of your choice

• Using an LDAP directory server. LDAP is the only option on UNIX.

Once you have decided on a method of storing security policy information, the

implementation details are essentially the same regardless of platform and storage

type. ColdFusion Advanced Security is implemented by defining the following

elements in order:

1 A security server.

2 A user directory, in the form of an NT domain, an LDAP directory, or an ODBC

data source.

3 A security context, with specific resource types to protect.

4 Specific ColdFusion rules to protect resources of a type suppported by the

security context.

5 Policies that bind users and groups to rules for a security context.