Advanced Security Basics

All types of Advanced Security implement the following four elements: user directories, resource types, policies, and security contexts.

This section introduces these elements and describes how they work together to build your Advanced Security framework. For detailed, hands-on instructions for actually implementing an Advanced Security framework, see "Creating an Advanced Security Framework".

User directories

User directories provide a listing of user information, such as the user's name, login password, and the names of any groups to which the user belongs. ColdFusion Advanced Security lets you incorporate any of the following industry-standard user directories:

A user directory authenticates users by verifying that their credentials match those in the directory. It tells you if someone is a valid user of the system. When you create a security context, you select users and groups from a user directory and then individually assign them access rights to ColdFusion resources. ColdFusion developers then include code in their applications that checks if a user has rights to a resource.

Because ColdFusion uses your existing LDAP directories, NT domains, or data sources, you don't have to create and maintain redundant user directories just to develop or deploy ColdFusion applications. Using an existing NT domain or LDAP directory provides an added bonus: user groups to which you assign security privileges automatically pick up changes to group membership, so no additional maintenance is required. For example, suppose your company's NT domain contains a user group called BigDev. You've used Advanced Security to give the BigDev group access to a number of custom tags. Your company hires a new developer to work in the BigDev group. When the new developer is added to the BigDev group in your company's NT domain, she's automatically granted access to the custom tags because of her user group affiliation.

Resource types

A ColdFusion resource type that you want to protect is the core of Advanced Security. Selecting a resource to protect doesn't specify how to protect it or which users can access it; you're simply telling ColdFusion the name and, if applicable, the action of the resource you intend to secure. For example, you can control:

Resources are not secured until you specifically choose to protect them. You can secure the following types of resources:

Policies

After you specify a resource to protect, you need to create a policy that gives a set of users access rights to that resource. A policy binds resources to users or user groups, that is, it grants a group of users access to specified resources.

For example, you can create a policy that gives members of a team complete access to three data sources that the team uses regularly. You could also create a policy that specifies the system administrator as the only user who can use the cffile tag's write action.

If you specify a resource to protect but do not include it in any policy, the resource is fully protected within the security context; in other words, no users have access to that resource.
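The decision logic described in the sections above, as an added Python model (not ColdFusion code and not part of the original documentation). The class and function names, the resource type labels, and the sample users and resources are constructed for illustration, and treating an unprotected resource as open is this model's reading of "not secured".

```python
from dataclasses import dataclass, field

# Constructed stand-in for an NT domain or LDAP directory: group -> members.
DIRECTORY = {"BigDev": {"alice"}}

def principals_of(user):
    """Resolve the user and their groups at check time, not at policy time."""
    groups = {f"group:{g}" for g, members in DIRECTORY.items() if user in members}
    return {f"user:{user}"} | groups

@dataclass
class SecurityContext:
    """Model of a security context: protected resources plus policies."""
    protected: set = field(default_factory=set)   # (type, name, action)
    policies: list = field(default_factory=list)  # (resources, principals)

    def protect(self, rtype, name, action=None):
        self.protected.add((rtype, name, action))

    def add_policy(self, resources, principals):
        # Mirrors the page's order: protect a resource, then bind it in a policy.
        missing = set(resources) - self.protected
        if missing:
            raise ValueError(f"not protected in this context: {missing}")
        self.policies.append((set(resources), set(principals)))

    def is_authorized(self, user, rtype, name, action=None):
        resource = (rtype, name, action)
        if resource not in self.protected:
            return True  # assumption of this model: unprotected means not secured
        who = principals_of(user)
        # Protected resource: denied unless some policy binds it to this user.
        return any(resource in res and who & allowed
                   for res, allowed in self.policies)

def build_demo_context():
    """Constructed sample data following the page's BigDev and cffile examples."""
    ctx = SecurityContext()
    tag = ("CustomTag", "cf_report", None)
    write = ("Tag", "cffile", "write")
    orphan = ("DataSource", "payroll", None)   # protected, in no policy
    for resource in (tag, write, orphan):
        ctx.protect(*resource)
    ctx.add_policy([tag], ["group:BigDev"])
    ctx.add_policy([write], ["user:sysadmin"])
    return ctx
```

The policy names the group rather than its members, so adding a user to BigDev in the directory changes the outcome of the next check without any policy edit, while the data source that sits in no policy stays closed to everyone.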

Security contexts

A security context is a container for logically related groups of policies.

You can create and implement as many security contexts as your application or development environment requires:


