Creating an Advanced Security Framework

No matter which Advanced Security feature you choose to implement (user security, RDS security, a security sandbox, or administrator security), you'll follow the same basic steps for creating the framework:

  1. Set up the security server. See "Setting Up a Security Server" for more information.
  2. Set up user directories to authenticate against an NT domain, an LDAP directory, or an ODBC data source. See "Defining User Directories" for more information.
  3. Create a security context for the application. See "Defining a Security Context" for more information.
  4. Specify rules and policies to protect resources with authorized users and groups. See "Specifying Resources to Protect" for more information.

The rest of this chapter teaches you how to configure Advanced Security on the ColdFusion server.

Implementation summary

The details of your ColdFusion Server Advanced Security implementation depend largely on your platform and how you decide to store security policy information. Security policy information can be stored in one of three ways:

Once you have decided on a method of storing security policy information, the implementation details are essentially the same regardless of platform and storage type. ColdFusion Advanced Security is implemented by defining the following elements in order:

  1. A security server.
  2. A user directory, in the form of an NT domain, an LDAP directory, or an ODBC data source.
  3. A security context, with specific resource types to protect.
  4. Specific ColdFusion rules to protect resources of a type supported by the security context.
  5. Policies that bind users and groups to rules for a security context.

