Understanding ColdFusion Security


ColdFusion provides a framework on which to implement application security. ColdFusion does not provide a complete out-of-the-box solution for application security, as that would be too limited and not flexible enough to handle all the needs of numerous developers building very different applications. Rather, the framework provides the essential building blocks with which to create a robust and flexible role-based security system.

NOTE

Do not confuse application security with development security. ColdFusion provides administrators with the ability to secure entire applications so that developers and users on shared boxes do not step on each other's virtual feet. This is achieved using server sandboxes and is not the subject covered in this chapter. Application security is implemented within specific applications to grant or deny access and to implement access control (whereby users have access only to what they are supposed to).


Application Security Fundamentals

ColdFusion application security is designed to let you easily do the following:

  • Require a login to access an application

  • Allow anything to be used to validate users (databases, LDAP directories, NT domains, Web server authentication, and more), not tying security to any specific authentication implementation

  • Implement access control based on user roles (group memberships or affiliations)

  • Automatically time out logins when appropriate (or terminate them when a browser is closed)

The application security framework makes use of several important terms, which are listed in Table 27.1.

Table 27.1. Application Security Terms

TERM            DESCRIPTION
Authentication  The act of validating that users are who they say they are, based on some user input or provided credentials.
Authorization   The act of determining what a user has the rights to do once she has been authenticated. This usually occurs by determining what role a user belongs to.
Role            A logical group that has rights to specific data or features. Users belong to roles, and roles are granted access as needed; access is never granted to users directly.
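The four goals listed above and the three terms in Table 27.1, put together in an Application.cfc as an added example (this is not code from the study guide): cflogin requires a login and enforces an idle timeout, the user is authenticated against a database table, cfloginuser records the roles that authorization will be based on, and a role check guards a protected area. The datasource name, the users table and its columns, the role name "admin" and the paths are assumptions.

```cfml
<!--- Application.cfc: added example, not from the study guide. Datasource, table, columns,
      role names and paths are assumed. --->
<cfcomponent output="false">
    <cfset this.name = "SecureApp">
    <cfset this.sessionManagement = true>
    <!--- Keep login state in the session scope so it ends with the browser session --->
    <cfset this.loginStorage = "session">

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var loggedIn = false>
        <cfset var qUser = "">

        <!--- Authentication: cflogin runs its body only for users who are not yet logged in.
              idletimeout logs the user out after 20 minutes without a request. --->
        <cflogin idletimeout="1200">
            <cfif isDefined("cflogin")>
                <!--- Credentials arrive in the cflogin scope (j_username / j_password form fields).
                      The stored password is compared as a SHA-256 hash (assumed users schema). --->
                <cfquery name="qUser" datasource="appDSN">
                    SELECT username, roles
                    FROM   users
                    WHERE  username     = <cfqueryparam value="#cflogin.name#" cfsqltype="cf_sql_varchar">
                    AND    passwordHash = <cfqueryparam value="#hash(cflogin.password, 'SHA-256')#" cfsqltype="cf_sql_varchar">
                </cfquery>
                <cfif qUser.recordCount EQ 1>
                    <!--- Roles come from the database, never from the request; this is the
                          authorization data that isUserInRole() checks below. --->
                    <cfloginuser name="#qUser.username#" password="#cflogin.password#" roles="#qUser.roles#">
                    <cfset loggedIn = true>
                </cfif>
            </cfif>
            <cfif NOT loggedIn>
                <!--- No valid credentials: show the form and stop processing the requested page --->
                <cfinclude template="loginForm.cfm">
                <cfabort>
            </cfif>
        </cflogin>

        <!--- Authorization: access is granted to the admin role, not to individual users --->
        <cfif findNoCase("/admin/", arguments.targetPage) AND NOT isUserInRole("admin")>
            <cfheader statuscode="403" statustext="Forbidden">
            <cfoutput>Access denied for #getAuthUser()#.</cfoutput>
            <cfabort>
        </cfif>

        <cfreturn true>
    </cffunction>
</cfcomponent>
```

A logout page ends the login explicitly with the cflogout tag; otherwise the login expires after the idle timeout or when the session ends.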




Macromedia ColdFusion MX 7 Certified Developer Study Guide
ISBN: 0321330110
Year: 2004
Pages: 389
Authors: Ben Forta
