ColdFusion provides a framework on which to implement application security. ColdFusion does not provide a complete out-of-the-box solution for application security, as that would be too limited and not flexible enough to handle all the needs of numerous developers building very different applications. Rather, the framework provides the essential building blocks with which to create a robust and flexible role-based security system.

NOTE: Do not confuse application security with development security. ColdFusion provides administrators with the ability to secure entire applications so that developers and users on shared boxes do not step on each other's virtual feet. This is achieved using server sandboxes and is not the subject covered in this chapter. Application security is implemented within specific applications to grant or deny access and to implement access control (whereby users have access only to what they are supposed to).

Application Security Fundamentals

ColdFusion application security is designed to let you easily do the following:
The application security framework makes use of several important terms, which are listed in Table 27.1.