Advanced ColdFusion Administration Previous Up One Level Next Search
Configuring Advanced Security


Implementing User Security

The user security feature allows ColdFusion developers to authenticate users and match protected resources with authorized users. See "Securing applications with User security" to learn about user security concepts.

In order to implement user security you must use the ColdFusion Administrator to:

  1. Set up the security server. See "Setting Up a Security Server" for more information.
  2. Set up user directories to authenticate against an NT domain, an LDAP directory, or an ODBC data source. See "Defining User Directories" for more information.
  3. Create a security context for the application. See "Defining a Security Context" for more information.
  4. Specify individual resources to protect and set up policies that match secured resources with authorized users and groups. See "Specifying Resources to Protect" for more information.

After the security framework is in place, developers use the CFAUTHENTICATE tag in individual application pages (or the Application.cfm file) to authenticate users. The IsAuthenticated and IsAuthorized functions enable developers to offer or deny access based on the established security policies. Remember that nothing you configured in the ColdFusion Administrator takes effect until developers enforce the contexts in their applications. See the CFML Reference for more information on IsAuthenticated and IsAuthorized.

Copyright © 2001, Macromedia Inc. All rights reserved. Previous Up Next Search

Banner.Novgorod.Ru