Developing ColdFusion Applications
Application Security

Using Advanced Security in Application Pages

Advanced Security makes it easier for developers to enforce application security. After your administrator sets up the appropriate security contexts for your application, you can start using ColdFusion security tags and functions to authenticate users and see whether they are authorized for the part of the application they are trying to access.

This section describes how to use security tags and functions to authenticate users and provide or withhold resources according to the security context's rules.

• Include cfauthenticate on any application page where you want to authenticate users; that is, to ensure that users are who they say they are. You typically use cfauthenticate in your application's Application.cfm file. Pass the authentication information to subsequent pages on which you want to test for authentication.
• ColdFusion sets a cookie, cfauth, to contain authentication information. If you choose not to use this cookie, you must check authentication for each request.
• Use the IsAuthenticated function to check if the current user is authenticated.
• Use the IsAuthorized function to check whether the user is authorized to access resources. This function lets developers offer or deny access to protected resources based on a user's authorization level, which is determined by already established security contexts.
• Use the cfimpersonate tag wherever you want to provide a greater level of access than is otherwise assigned to a particular user.

Read the section "Example of User Authentication and Authorization" to see code examples that show how these tags and functions work in ColdFusion applications.

To learn about syntax and usage for the cfauthenticate and cfimpersonate tags, and the IsAuthenticated and IsAuthorized functions, see the CFML Reference.

Encrypting application pages

For an added measure of security, you can encrypt strings in your applications using the Encrypt and Decrypt functions. For descriptions of these functions, see the CFML Reference.

Copyright © 2001, Macromedia Inc. All rights reserved.

---