Security Risks


The reality of Internet applications is that each piece of data being transmitted from the client to the server and back to the client passes through equipment on several different networks. In multi-tiered systems, the client-server paradigm is extended to include application servers, databases, and other heterogeneous systems. Each of these represents a point where the data passing between a user and the server could potentially be compromised.

To minimize the risk of data being compromised in this fashion, many Internet applications are built using Secure Sockets Layer (SSL) through the HTTPS protocol. Using this technology, data sent between the server and browser (client) is encrypted (the bit depth of encryption can vary among brands and versions of the browsers), making it much more difficult for outsiders to read this data.

NOTE

Although encryption can make users' data more difficult to steal, technologies exist that, given enough time and processing power, can decrypt any encrypted strings. Nevertheless, the stronger the encryption used, the longer it will take a malicious user to decrypt it.


Encryption schemes are good protection from eavesdroppers; however, by themselves, they do not completely guard your data and back-end systems from malicious users. It is commonplace for Web sites/applications to accept end-user input from browsers (input such as forms and/or URL parameters) and pass it directly to the database (or other back-end systems). The application must validate such browser input to ensure only valid data reaches the database.
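
The validation step described above, sketched in CFML as an added example (not code from the book). The datasource `shopDSN`, the `products` table, and the `productID` URL parameter are hypothetical names; the two halves are meant as separate templates, the weak form beside the corrected one.

```cfml
<!--- ===== product_weak.cfm (constructed example) ===== --->
<!--- The URL parameter is pasted into the SQL text, so whatever the
      browser sends is passed directly to the database. --->
<cfquery name="qWeak" datasource="shopDSN">
    SELECT name, price
    FROM products
    WHERE product_id = #url.productID#
</cfquery>

<!--- ===== product_checked.cfm (constructed example) ===== --->
<!--- Step 1: make sure the parameter exists so the checks below
      never throw on a missing key. --->
<cfparam name="url.productID" default="">

<!--- Step 2: allow-list validation. Accept only 1 to 9 decimal digits
      (fits a 32-bit integer column); reject everything else before
      any back-end system is touched. --->
<cfif NOT REFind("^[0-9]{1,9}$", url.productID)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid product identifier.</cfoutput>
    <cfabort>
</cfif>

<!--- Step 3: bind the value as a typed parameter. The driver sends it
      separately from the SQL text, and ColdFusion raises an error if
      it is not an integer. --->
<cfquery name="qProduct" datasource="shopDSN">
    SELECT name, price
    FROM products
    WHERE product_id = <cfqueryparam value="#url.productID#"
                                     cfsqltype="cf_sql_integer">
</cfquery>

<!--- Step 4: encode database values before writing them into HTML. --->
<cfoutput query="qProduct">
    #HTMLEditFormat(qProduct.name)#: #DollarFormat(qProduct.price)#<br>
</cfoutput>
```

The pattern check and the typed bind are independent controls: the first keeps malformed input out of application logic, the second keeps the value from being parsed as SQL even if a validation rule is later loosened.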

In many cases, there are pages or whole sections of a Web site that only authorized users can view. These need to be protected with a system through which users can identify themselves (log in) and have the system check whether they are authorized to view the requested page. These login routines can be handled either at the operating system/Web server level, or in the application itself.

A final concept in Internet security is access control. Through the use of firewalls, it is possible to restrict certain machines' communication (as determined by IP or MAC addresses) with certain parts (ports) of other machines. With a well-established set of firewall rules, it is possible to limit the public's access to machines they don't need to access, and offer the application's infrastructure a higher degree of security. For example, it is not uncommon for network administrators to establish firewall rules that only allow access to the database servers from the ColdFusion Application Server. Because the public cannot access this machine directly, it makes it much more difficult for malicious users to compromise the company's data.

What Is ColdFusion's Concern and What Is Not

Application architects must consider security early in the design process. For example, in a typical E-Commerce application you generally have a database, application server, and web server delivering content and accepting orders from disparate clients. Architects must consider all possible points of penetration which may lead to data compromise, including:

  • Data Level. Application data is the most crucial and delicate part of any system. It must be protected from contamination and theft, from authorized and unauthorized users. Database administrators protect data integrity with user accounts, resource permissions, encryption, etc.

  • Web Server Level. The web server is the public interface into a network. These interfaces need guarding against unauthorized access and data theft. Administrators typically guard web servers against intrusion and limit web server resources with access permissions. SSL and virtual private networks (VPNs) can protect web server connections from eavesdropping.

  • Application Server Level. Application servers are middleware that connects two or more disparate systems, typically a web server and database, mail, or directory servers. Application server connections can be protected via SSL and VPNs. The application server has built-in security to protect its own resources. Developers code their own security paradigm (e.g. roles-based) or extend others (e.g. operating system, web server, etc.) to provide authorization and authentication within applications.

  • Operating System (OS) Level. All clients and servers run some form of operating system: web servers, database servers, phones and PDAs, etc. Operating systems also provide user access controls to protect resources. Some operating systems are capable of encrypting entire file systems.

  • Network Level. Network systems require software and hardware security measures. Network devices require physical security, typically in a secured network operations center (NOC). Network connections are protected with firewalls (hardware and software), VPNs, filtering, and access control policies.

Although it provides some base functionality in many of these areas for securing Internet applications, the ColdFusion MX 7 Application Server is not intended to solve all security issues at every level. It can offer application-level security by defending applications against security risks in four areas: Encryption, Validation, Authentication, and Authorization. Let's examine ColdFusion's role in these areas.



Advanced Macromedia ColdFusion MX 7 Application Development
ISBN: 0321292693
EAN: 2147483647
Year: 2006
Pages: 240
Authors: Ben Forta, et al
