User Guide
Choosing a Level of ColdFusion Security 65
Deploying applications with Basic security
Basic security lets you disable execution of CFML tags that could present security
hazards if they were used in a ColdFusion application, because they could be used to
upload, delete, or otherwise manipulate files on the ColdFusion server. ColdFusion
displays an error when it encounters a disabled tag in an application.
Besides the ability to restrict CFML tags, Basic security provides no runtime security
for ColdFusion applications. When Basic security is implemented, the responsibility
for securing applications falls mainly on the application developers. For example,
developers must authenticate end-users of their applications by creating customized
user directories. Developers can also integrate existing user directories, like NT
domains, by using any of the custom extension mechanisms supported by
ColdFusion, including CFX tags, and COM or CORBA objects. Similarly, developers
must custom-build all access privileges into all their applications.
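The following is an added illustration, not code from the guide, of what "custom-built" authentication and access privileges look like under Basic security: the developer keeps a user table in an assumed "HRUsers" ODBC data source, checks the login on every request from Application.cfm, and hand-codes the group check on each protected page. It assumes the Hash() function is available in the reader's release; the data source, table, column and group names are constructed for the example.

```cfml
<!--- Application.cfm (constructed example): runs before every page in this directory tree --->
<CFAPPLICATION NAME="HRApp" SESSIONMANAGEMENT="Yes"
               SESSIONTIMEOUT="#CreateTimeSpan(0,0,30,0)#">

<!--- Handle a submitted login form --->
<CFIF IsDefined("Form.UserName") AND IsDefined("Form.Password")>
    <!--- Look the user up in the developer-maintained user table.
          "HRUsers" is an assumed data source; CFQUERYPARAM keeps the
          submitted value out of the SQL text. --->
    <CFQUERY NAME="GetUser" DATASOURCE="HRUsers">
        SELECT UserID, PasswordHash, GroupName
        FROM   Users
        WHERE  UserName = <CFQUERYPARAM VALUE="#Form.UserName#" CFSQLTYPE="CF_SQL_VARCHAR">
    </CFQUERY>
    <!--- Compare a hash of the submitted password with the stored hash,
          never the clear text (assumes Hash() exists in this release) --->
    <CFIF GetUser.RecordCount EQ 1
          AND CompareNoCase(Hash(Form.Password), GetUser.PasswordHash) EQ 0>
        <CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="10">
            <CFSET Session.UserID = GetUser.UserID>
            <CFSET Session.GroupName = GetUser.GroupName>
        </CFLOCK>
    </CFIF>
</CFIF>

<!--- Requests without a logged-in session go to the login page --->
<CFLOCK SCOPE="Session" TYPE="ReadOnly" TIMEOUT="10">
    <CFSET LoggedIn = IsDefined("Session.UserID")>
</CFLOCK>
<CFIF NOT LoggedIn AND NOT (CGI.SCRIPT_NAME CONTAINS "login.cfm")>
    <CFLOCATION URL="login.cfm" ADDTOKEN="No">
</CFIF>

<!--- reports/payroll.cfm (constructed example): the access privilege is
      coded by the developer on this page, and must be repeated on every
      other page that needs the same rule --->
<CFLOCK SCOPE="Session" TYPE="ReadOnly" TIMEOUT="10">
    <CFSET IsHR = (IsDefined("Session.GroupName") AND Session.GroupName EQ "HR")>
</CFLOCK>
<CFIF NOT IsHR>
    <CFABORT SHOWERROR="Payroll reports are limited to Human Resources staff.">
</CFIF>
```

Because nothing in the server enforces these rules, a page that forgets the group check is simply unprotected; that is the responsibility the text places on the developer under Basic security.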
Deploying applications with Advanced security
Advanced security lets ColdFusion developers authenticate users and match
protected resources with authorized users. Advanced security builds consistent,
standardized authentication right into the ColdFusion server engine, making it
easier for developers to control all aspects of access to their applications.
When Advanced security is implemented, developers don’t need to create
customized directories or databases to authenticate users; Advanced Security can
automatically authenticate users against existing LDAP directories, NT domains, or
ODBC data sources. Advanced security also makes it easier to enforce access rights
for authenticated users and groups. You can expressly grant or forbid run-time
access to ColdFusion applications, CFML tags, collections, components, data
sources, files, directories, and custom tags on a user-by-user or group-by-group
basis. For example, you could use Advanced security to:
• Restrict sensitive CFML tags like <CFREGISTRY> so they can be used only by
members of the NT Domain Administrators group of the local domain.
• Make a sensitive search collection available only to your company’s Human
Resources staff. No matter which applications use the collection, it would only
ever be available to this one group.
• Make CORBA or COM objects that work with a company’s financial information
available only to the departments and Web applications that require them.
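As an added example (not code from the guide), here is the same login and "only Human Resources may search this collection" rule written against Advanced security, using the CFAUTHENTICATE tag and the IsAuthenticated() and IsAuthorized() functions that ColdFusion 4.x provides for it. "HRContext" is an assumed security context, and "HRResumes" an assumed collection; the user directory behind the context (LDAP, NT domain, or ODBC) and the policy granting HR staff the Search action are configured in the ColdFusion Administrator, not in code.

```cfml
<!--- Application.cfm (constructed example): authentication is delegated
      to the server through an Administrator-defined security context --->
<CFAPPLICATION NAME="HRApp" SESSIONMANAGEMENT="Yes">

<CFIF IsDefined("Form.UserName") AND IsDefined("Form.Password")>
    <!--- The server checks the credentials against the directory bound to
          "HRContext" (assumed name) and, on success, issues the
          authentication cookie; no user table is kept by the developer --->
    <CFAUTHENTICATE SECURITYCONTEXT="HRContext"
                    USERNAME="#Form.UserName#"
                    PASSWORD="#Form.Password#"
                    SETCOOKIE="Yes"
                    THROWONFAILURE="No">
</CFIF>

<!--- IsAuthenticated() reads the server-issued authentication state --->
<CFIF NOT IsAuthenticated() AND NOT (CGI.SCRIPT_NAME CONTAINS "login.cfm")>
    <CFLOCATION URL="login.cfm" ADDTOKEN="No">
</CFIF>

<!--- search.cfm (constructed example): the page asks the server whether
      the current user may search the collection; the rule itself lives in
      the Administrator's security policy, so it applies to every
      application that uses the collection --->
<CFIF IsAuthorized("Collection", "HRResumes", "Search")>
    <CFSEARCH NAME="Results" COLLECTION="HRResumes" CRITERIA="#Form.Criteria#">
    <CFOUTPUT QUERY="Results">#Title#<BR></CFOUTPUT>
<CFELSE>
    <CFABORT SHOWERROR="You are not authorized to search this collection.">
</CFIF>
```

The IsAuthorized() call lets the page respond gracefully; the server enforces the collection policy at run time whether or not the page asks first, which is what removes the per-page risk of a forgotten check.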
In the Enterprise edition of ColdFusion, Advanced security also lets you run
applications in a security sandbox, which assigns security permissions to any
applications running from a specified directory tree. Unlike other Advanced security
features, security sandboxes automatically enforce control over resources without
additional coding to authenticate and authorize users. Security sandboxes eliminate
the risk that one application will access another application’s resources, and are most
useful to hosted sites where multiple ColdFusion applications are deployed on the
same server.