User Guide

Advanced Security Basics
All types of Advanced Security implement the following four elements:
User directories
Resources
Policies
Security contexts
This section introduces these elements and describes how they work together to
build your Advanced Security framework. For detailed, hands-on instructions for
actually implementing an Advanced Security framework, see Creating an Advanced
Security Framework on page 88.
User directories
User directories provide a listing of user information, such as the user's name, login
password, and the names of any groups to which the user belongs. ColdFusion
Advanced Security lets you incorporate any of the following industry-standard user
directories:
Lightweight Directory Access Protocol (LDAP) directory
Windows NT domain
ODBC data source
A user directory authenticates users by verifying that their credentials match those in
the directory. It tells you if someone is a valid user of the system. When you create a
security context, you select users and groups from a user directory and then
individually assign them access rights to ColdFusion resources. ColdFusion
developers then include code in their applications that checks if a user has rights to a
resource.
Because ColdFusion uses your existing LDAP directories, NT domains, or data
sources, you don't have to create and maintain redundant user directories just to
develop or deploy ColdFusion applications. Using an existing NT domain or LDAP
directory provides an added bonus: user groups to which you assign security
privileges automatically inherit changes to group membership; no additional
maintenance is required. For example, suppose your company's NT domain contains
a user group called BigDev. You've used Advanced Security to give the BigDev group
access to a number of custom tags. Your company hires a new developer to work in
the BigDev group. When the new developer is added to the BigDev group in your
company's NT domain, she's automatically granted access to the custom tags because
of her user group affiliation.
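
The authentication and resource check described above, sketched as application code. This is an added example, not code from this guide: the security context name DevContext, the form fields, the login.cfm template, and the custom tag name CF_BuildReport are hypothetical, and the resource name must match the one registered in your security context.

```cfml
<!--- Application.cfm (added example; names are hypothetical).
      Authenticate the caller once, before any page body runs. --->
<CFIF NOT IsAuthenticated()>
    <CFIF IsDefined("Form.username") AND IsDefined("Form.password")>
        <CFTRY>
            <!--- Credentials are verified against the user directory
                  (LDAP, NT domain, or ODBC) behind the security context. --->
            <CFAUTHENTICATE SECURITYCONTEXT="DevContext"
                            USERNAME="#Form.username#"
                            PASSWORD="#Form.password#"
                            THROWONFAILURE="Yes">
            <CFCATCH TYPE="Security">
                <!--- One generic message for every failure, so the response
                      does not reveal whether the user name exists. --->
                <P>Login failed.</P>
                <CFINCLUDE TEMPLATE="login.cfm">
                <CFABORT>
            </CFCATCH>
        </CFTRY>
    <CFELSE>
        <!--- No credentials supplied: show the login form and stop. --->
        <CFINCLUDE TEMPLATE="login.cfm">
        <CFABORT>
    </CFIF>
</CFIF>

<!--- report.cfm (added example).
      Deny by default: the custom tag runs only if a policy in the security
      context grants it to this user or to one of the user's groups, such as
      BigDev. The page never tests group names itself, so a change to group
      membership in the directory needs no change to this code. --->
<CFIF IsAuthorized("CustomTag", "CF_BuildReport")>
    <CF_BuildReport>
<CFELSE>
    <P>You are not authorized to use this feature.</P>
</CFIF>
```

Because rights follow group membership, removing a user from BigDev in the directory is also what withdraws access, so membership changes to such groups are worth reviewing like any other access-control change.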