Advanced Security Implementations; Securing Applications With User Security - MACROMEDIA COLDFUSION 5-ADVANCED ADMINISTRATION Manual

84

Advanced Security Implementations

The four elements discussed in the previous section—user directories, resources,
policies, and security contexts—are the building blocks of every type of security
framework you'll create. You can implement the following types of Advanced
Security:
This section describes these types of Advanced Security and explains when you'd use
each one. For step-by-step instructions for implementing Advanced Security
features, see "Creating an Advanced Security Framework" on page 88 .

Securing applications with User security

User Security authenticates users in a ColdFusion application and then assigns
privileges based on the applicable ColdFusion security context.
For example, suppose you've used ColdFusion to build and host your company's
intranet. The Human Resources department maintains a page on the intranet where
all employees can access timely information about the company, like the latest
company policies, upcoming events, and job postings. You'd want everyone to be
able to read the information, but you'd only want certain authorized HR employees
to be able to add, update, or delete information. In addition, you might want to let
employees view customized information about their salaries, job levels, and
performance reviews. You certainly wouldn't want one employee to view sensitive
information about another employee, but you'd want managers to be able to see, and
possibly update, information about their direct reports. User Security lets you give
each employee an appropriate level of access to the HR data.
Note
This chapter describes the steps necessary install Advanced security features and set
up the security framework in the ColdFusion Administrator. Once you've put the
security framework in place, developers must code security features into their
ColdFusion applications. For information about coding secure applications, see
Developing Web Applications with ColdFusion.
User security Secures functionality in a ColdFusion application. User security is
implemented in ColdFusion application pages by ColdFusion developers, and
offers runtime user authentication and authorization.
Remote Development Services (RDS) security Controls a ColdFusion Studio
developer's access to ColdFusion resources, including data sources, files, and
directories.
Server sandbox security Provides runtime security based on directory access at
hosted sites and is controlled by the ColdFusion administrator of a hosted site.
Administrator security Secures the ColdFusion Server Administrator against
unauthorized access and lets you grant various levels of administrative access to
specified users.
Chapter 5 Configuring Advanced Security