Advanced Security makes it easier for developers to enforce application security. After your administrator sets up the appropriate security contexts for your application, you can start using ColdFusion security tags and functions to authenticate users and see whether they are authorized for the part of the application they are trying to access.
This section describes how to use security tags and functions to authenticate users and provide or withhold resources according to the security context's rules.
- cfauthenticate on any application page where you want to authenticate users; that is, to ensure that users are who they say they are. You typically use cfauthenticate in your application's Application.cfm file. Pass the authentication information to subsequent pages on which you want to test for authentication.
- cfauth, to contain authentication information. If you choose not to use this cookie, you must check authentication for each request.
- IsAuthenticated function to check if the current user is authenticated.
- IsAuthorized function to check whether the user is authorized to access resources. This function lets developers offer or deny access to protected resources based on a user's authorization level, which is determined by already established security contexts.
- cfimpersonate tag wherever you want to provide a greater level of access than is otherwise assigned to a particular user.

Read the section "Example of User Authentication and Authorization" to see code examples that show how these tags and functions work in ColdFusion applications.
To learn about syntax and usage for the cfauthenticate and cfimpersonate tags, and the IsAuthenticated and IsAuthorized functions, see the CFML Reference.
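The following sketch is an added example, not code from the original page or the CFML Reference. It shows the authenticate-then-authorize flow described above. The application name, the security context OrdersContext, the data source OrdersDSN, the template login_form.cfm and the form field names are all assumptions to replace with the values your administrator has defined.

```cfml
<!--- Application.cfm: processed before every page in the application --->
<cfapplication name="OrdersApp">

<cfif NOT IsAuthenticated()>
    <!--- No authenticated user for this request: require credentials --->
    <cfif NOT (IsDefined("Form.username") AND IsDefined("Form.password"))>
        <cfinclude template="login_form.cfm">
        <cfabort>
    </cfif>

    <cftry>
        <!--- OrdersContext is an assumed security context name.
              setcookie="Yes" stores the cfauth cookie so later requests
              pass the IsAuthenticated() check above. --->
        <cfauthenticate securitycontext="OrdersContext"
                        username="#Form.username#"
                        password="#Form.password#"
                        setcookie="Yes">
        <cfcatch type="Security">
            <!--- Generic message: do not reveal which credential was wrong
                  and do not echo the submitted values back to the page --->
            <p>Login failed.</p>
            <cfinclude template="login_form.cfm">
            <cfabort>
        </cfcatch>
    </cftry>
</cfif>

<!--- orders.cfm: authorization check placed in front of a protected resource --->
<cfif IsAuthorized("DataSource", "OrdersDSN", "select")>
    <cfquery name="getOrders" datasource="OrdersDSN">
        SELECT order_id, status FROM orders
    </cfquery>
<cfelse>
    <!--- Authenticated, but the security context grants no SELECT on this
          data source: stop before any protected output is produced --->
    <p>You are not authorized to view orders.</p>
    <cfabort>
</cfif>
```

Failing closed with cfabort in both the authentication and the authorization branch keeps a denied request from falling through to the rest of the page.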
For an added measure of security, you can encrypt strings in your applications using the Encrypt and Decrypt functions. For descriptions of these functions, see the CFML Reference.