Types Of Coldfusion Security - MACROMEDIA COLDFUSION 5-ADVANCED ADMINISTRATION Manual

Why Is ColdFusion Security Important?

Types of ColdFusion Security

ColdFusion Server provides two mutually exclusive security frameworks called Basic
security and Advanced security. You can use either type of security to secure
ColdFusion application development and deployment.
Basic security
Basic security is the initial default security framework for ColdFusion and lets you
secure the ColdFusion server with password access:
All editions of ColdFusion Server include Basic Security features. When you install
ColdFusion Server, Basic Security is automatically activated.
Advanced security
ColdFusion Server Professional and Enterprise editions include Advanced Security
features that provide scalable, granular security for building and deploying your
ColdFusion applications:
Data encryption
Both Basic and Advanced security support the Secure Sockets Layer (SSL) protocol
which encrypts Internet application protocols (like HTTP) with public key
cryptography. SSL protects against snooping, eavesdropping, or any sort of message
tampering when information is passed between clients and servers. Most Web
servers support SSL. The server administrator installs a private key that is used to
decrypt inbound data and encrypt outbound data. Once the key is installed, the Web
server automatically encrypts or decrypts data as it is received or transmitted.
Application development Secure access to data sources and files with password
protection. Block access to several sensitive ColdFusion tags.
Application deployment Prevent applications from executing several
ColdFusion tags that could be used to upload, delete, or otherwise manipulate
server files.
Administrative Access Secure access to ColdFusion administrative functions
with password protection.
Application development Control access to files, data sources and
administration for each developer on your team. Coordinate team development
on shared servers with the assurance that sensitive data and applications are
secure.
Application deployment Create complex rules to programmatically control
access to functionality within applications. Provide multiple levels of user access
from within an application. Confine applications to secure areas that can flexibly
restrict the access applications have to directories, components, databases or
other resources on the server.
Administrative access Assign different degrees of administrative access to
specified users.
61