Deploying Applications - MACROMEDIA COLDFUSION 5-ADVANCED ADMINISTRATION Manual

64
Basic security is a good choice to protect ColdFusion resources if your company
consists of a single development group or several small groups all physically located
at the same site. Because these developers can be considered highly-trusted users,
Basic security can still make sense when they are away from the office and are using
RDS to develop applications remotely.
When you use Basic security to restrict access to a ColdFusion server, developers can
access all files and mapped network drives on the server with a single password. This
same password provides remote access to the server through RDS.
Developing applications with Advanced security
Advanced security is the ideal choice for administrators who need to meet the
security challenges posed by remote or hosted ColdFusion application development.
Unlike Basic security, which gives all developers the same level of access to all
ColdFusion resources, Advanced security lets you customize access control for
individual developers and development groups.
Using Advanced security requires more planning and configuration than using Basic
security, but the benefits you'll see in streamlined development processes are well
worth the time you'll invest. With Advanced security, you must specify the data
sources and directories you want to protect, and then grant explicit access to these
resources to specific groups or individual users. Protected resources can't be
accessed by anyone to whom you haven't given permissions. Advanced security
provides even further granularity by letting you explicitly specify the following on a
group-by-group basis:
Because Advanced security uses your existing LDAP directories, NT domains, or
ODBC data sources to authenticate ColdFusion developers, you never have to
maintain redundant user lists. Advanced security automatically inherits any changes
you make to your LDAP directories, NT domains, and ODBC data sources.

Deploying applications

Web applications present new security challenges for IT managers, administrators,
and application developers. Basic security leaves the bulk of runtime security
implementation to application developers. Advanced security makes it easier for
developers to authenticate users and authorize application access, because
Advanced security separates group membership and user logon maintenance from
security policy specification.
The types of SQL commands that can be performed against a data source
Read and write access to files
The types of actions allowed by CFML tags
Delete, optimize, purge, search, and update access to search collections
Chapter 3 ColdFusion Security