Table of Contents
Advertisement
Chapter 8: ColdFusion Security
Types of ColdFusion Security
ColdFusion Server provides two mutually exclusive security frameworks called Basic
security and Advanced security. You can use either type of security to secure
ColdFusion application development and deployment.
Basic Security
Basic security is the initial default security framework for ColdFusion and lets you
secure the ColdFusion server with password access:
Application development — Secure access to data sources and files with
password protection. Block access to several sensitive ColdFusion tags.
Application deployment — Prevent applications from executing several
ColdFusion tags that could be used to upload, delete, or otherwise manipulate
server files.
Administrative Access — Secure access to ColdFusion administrative functions
with password protection.
All editions of ColdFusion Server include Basic Security features. When you install
ColdFusion Server, Basic Security is automatically activated.
Advanced Security
ColdFusion Server Professional and Enterprise editions include Advanced Security
features that provide scalable, granular security for building and deploying your
ColdFusion applications:
Application development — Control access to files, data sources and
administration for each developer on your team. Coordinate team
development on shared servers with the assurance that sensitive data and
applications are secure.
Application deployment — Create complex rules to programmatically control
access to functionality within applications. Provide multiple levels of user
access from within an application. Confine applications to secure areas that
can flexibly restrict the access applications have to directories, components,
databases or other resources on the server.
Administrative Access — Assign different degrees of administrative access to
specified users.
Data Encryption
Both Basic and Advanced security support the Secure Sockets Layer (SSL) protocol
which encrypts Internet application protocols (like HTTP) with public key
cryptography. SSL protects against snooping, eavesdropping, or any sort of message
tampering when information is passed between clients and servers. Most Web servers
support SSL. The server administrator installs a private key that is used to decrypt
275
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the COLDFUSION 4.5-ADMINISTRING COLDFUSION SERVER and is the answer not in the manual?