Using ColdFusion’s Built-in Advanced Security Services

Now that we’ve looked at implementing security from scratch, let’s talk about the built-in Advanced Security services in ColdFusion. ColdFusion supports a set of Advanced Security services that integrate with an OEM version of Netegrity’s popular SiteMinder security product (Version 3.51 for ColdFusion 4.5.x and Version 4.11 for ColdFusion 5.0) to provide granular control within your ColdFusion applications. To use ColdFusion’s Advanced Security services, you must be running either the Windows NT or Unix version of ColdFusion Professional or Enterprise edition. Advanced Security on Linux is planned for a future release.

From a developer’s perspective, there are two pieces that make up ColdFusion’s Advanced Security services: security contexts and application code that validates against the security contexts. Security contexts are created in the ColdFusion Administrator and provide the framework for authenticating and authorizing users. Security contexts consist of policies that govern users’ access to resources such as files, CFML tags, and data sources within an application. Security administration is handled via the ColdFusion Administrator.

Administering Advanced Security

Although a full discussion of the ins and outs of setting up and administering ColdFusion’s Advanced Security services is beyond the scope of this book, it is useful to briefly cover the basic steps involved in creating a security context ...
