Advanced ColdFusion Administration
Configuring Advanced Security

Setting Up a Security Server

The first step to implementing Advanced security is setting up a security server. In a non-clustered environment, the security server is the server hosting ColdFusion, where your ColdFusion programming resources, files, data sources, custom tags, Verity collections and so on, are stored. In a clustered environment, you can define a single security server in the cluster to handle all security authentication and authorization. In this case, the other servers in the cluster all point to the security server to authenticate and authorize users and groups.

You can only administer Advanced security from the security server. You can't administer it from a client or from another server in a cluster.

To set up a security server:

1. Open the ColdFusion Administrator and click the Security link at the top of the navigation bar. Then click the Security Configuration link under Advanced Security in the navigation bar.

   You see the Advanced Security page.

   

2. Select the Use Advanced Server Security check box. This enables you to set up a security context with policies, rules, and users. Click Submit Changes.
3. In the configuration page that appears, enter information for the following advanced security configuration areas:
   • Security Server Connection Settings
   • Security Server Caching Settings
   • ColdFusion Cache Settings
   • The Security Server value is the physical location of the security server. By default, this is the localhost IP# 127.0.0.1. You can supply an IP address or a logical name that can be resolved to a physical address.
4. Enter a Shared Secret, which is part of the encryption key that validates Advanced security transactions. Since the default is the same for all ColdFusion Server configurations, you should change the shared secret at least once.
5. ColdFusion reserves the Authorization and Authentication ports to pass security information. Change the port number values only in the unlikely event that these ports are already in use by some other process on the server.
6. Under Security Server Caching settings, click to enable the Use Security Cache, Use Authorization Cache, or ColdFusion Server Cache if you want ColdFusion to cache security information and transactions on the security server.

   See "Caching Advanced Security Information" for a description of the Advanced security caches.

   You can also change the Refresh Interval setting for any of the caches. This determines how often a cache gets flushed.

   The Load Policy Store Cache at Startup option loads this cache every time you start ColdFusion services.

   The Maximum Entries option in the ColdFusion Cache Settings section sets the maximum number of entries for each cache buffer. If you exceed the number, a warning is written to the server.log file.

Copyright © 2001, Macromedia Inc. All rights reserved.

---