Table of Contents
Advertisement
Chapter 10: Configuring Advanced Security
User Directories
User directories provide a listing of user information, such as the user's name, login
password, and the names of any groups to which the user belongs. ColdFusion
Advanced Security lets you incorporate any of the following industry-standard user
directories:
Lightweight Directory Access Protocol (LDAP) directory
Windows NT domain
ODBC data source
A user directory authenticates users but doesn't authorize them: In and of itself, a
directory can tell you if someone is a valid user of the system, but can't assign
ColdFusion security permissions to the user. When you create a security context, you
select users and groups from a user directory and then individually assign them access
rights to ColdFusion resources. ColdFusion developers then include code in their
applications that checks if a user has rights to a resource.
Because ColdFusion uses your existing LDAP directories, NT domains, or data sources,
you don't have to create and maintain redundant user directories just to develop or
deploy ColdFusion applications. Using existing NT or LDAP provides an added bonus:
User groups to whom you assign security priveleges automatically inherit changes to
group membership; no additional maintenance is required. For example, suppose
your company's NT Domain contains a user group called BigDev. You've used
Advanced Security to give the BigDev group access to a number of custom tags. Your
company hires a new developer to work in the BigDev group. When the new developer
is added to the BigDev group in your company's NT domain, she's automatically
granted access to the custom tags because of her user group affiliation.
Note
Resources
A ColdFusion resource that you want to protect is the core of Advanced security.
Selecting a resource to protect doesn't specify how to protect it or which users can
access it; you're simply telling ColdFusion the name and, if applicable, the acton of the
resource you intend to secure. For example, you can control
Write access to all the files in the directory c:\directory
Which actions of the CFML tag are restricted
Inserts and updates for a specific Access database.
Netscape Directory Server is bundled with ColdFusion to provide an
LDAP user directory in case you aren't already using NT domains or LDAP
directories.
291
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the COLDFUSION 4.5-ADMINISTRING COLDFUSION SERVER and is the answer not in the manual?