Shared Variables; Application Security And User Identification; Mapping An Application - MACROMEDIA COLDFUSION MX 61-DEVELOPING COLDFUSION MX Develop Manual

For an overview of these elements, and information about how to choose among them, see
Chapter 8, "Reusing Code in ColdFusion Pages," on page

Shared variables

The following ColdFusion variable scopes maintain data that lasts beyond the scope of the
current HTTP request:
Variable scope
Session
Client
Application
Server
For more information on using these variables, including how to use locks to ensure that the data
they contain remains accurate, see
on page 315.

Application security and user identification

All applications must ensure that malicious users cannot make improper use of their resources.
Additionally, many applications require user identification, typically to control the portions of a
site that the user can access, to control the operations that the user can perform, or to provide
user-specific content. ColdFusion provides the following forms of application security to address
these issues:
•
Resource (file and directory-based) security
tags, functions, and data sources that application pages in particular directories can access. You
must consider the resource security needs of your application when you design the application
directory structure.
•
User (programmatic) security
based authorization mechanism to ensure that users can only access and use selected features of
the application. User security also incorporates a user ID which you can use to customize page
content. To implement user security, you include security code, such as the
cfloginuser
For more on implementing security, see

Mapping an application

When you design a ColdFusion application, you must map the directory structure. This activity
is an important step in designing a ColdFusion application. Before you start building the
application, you must establish a root directory for the application. You can store application
pages in subdirectories of the root directory.
The following sections describe how you determine where to place your application pages and the
Application.cfm and OnRequestEnd pages in a directory structure. For more information on how
to define and use the Application.cfm page, see
270 Chapter 13: Designing and Optimizing a ColdFusion Application
Description
Variables that are available for a single client browser for a single browser
session in one application.
Variables that are available for a single client browser over multiple browser
sessions in one application.
Variables that are available to all pages in an application for all clients.
Variables that are available to all applications on a server and all clients.
Chapter 15, "Using Persistent Data and Locking,"
Provides an authentication (login) mechanism and a role-
tags, in your application.
163.
Limits the ColdFusion resources, such as
Chapter 16, "Securing Applications," on page
"Creating the Application.cfm page" on page
and
cflogin
345.
272.