Table of Contents
Advertisement
Chapter 10: Configuring Advanced Security
For example, as a ColdFusion Server administrator, you'll probably want to assign
Administrator access to one or two other users, thus ensuring you'll have backup
administrators and your company won't have to forgo administrative support if you're
away. You might also want to create a class of Privileged access administrators who can
manage all aspects of the ColdFusion environment except Basic and Advanced
security. Users with Restricted administrative access can function as ColdFusion super
users. You could assign Restricted access to one or two members of each development
team. That way, development teams can add and configure their own data sources, but
can't access other teams' data sources, and can't alter the ColdFusion environment in
any significant way.
See "Securing the ColdFusion Administrator" on page 310 for detailed instructions for
securing the Administrator pages.
Creating an Advanced Security Framework
No matter which Advanced Security feature you choose to implement — user security,
RDS security, a security sandbox, or administrator security — you'll follow the same
basic steps for creating the framework:
1.
Set up the security server. See "Setting Up a Security Server" on page 299 for more
information.
2.
Set up user directories to authenticate against an NT domain, an LDAP directory,
or an ODBC data source. See "Defining User Directories" on page 301 for more
information.
3.
Create a security context for the application. See "Defining a Security Context" on
page 304 for more information.
4.
Specify individual resources to protect and set up policies that match secured
resources with authorized users and groups.. See "Specifying Resources to
Protect" on page 305 for more information.
The rest of this chapter teaches you how to configure Advanced security on the
ColdFusion server.
Implementation summary
The details of your ColdFusion Server Advanced Security implementation depend
largely on your platform and how you decide to store security profile information.
Security profile information can be stored in one of three ways:
Using the Access database file supplied by default with ColdFusion Server
(Windows only)
Using the ODBC data source of your choice
Using an LDAP directory server, such as the Netscape Directory Server supplied
with ColdFusion Server. LDAP is the only option on UNIX.
297
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the COLDFUSION 4.5-ADMINISTRING COLDFUSION SERVER and is the answer not in the manual?