Installing and Configuring ColdFusion Server
Basic ColdFusion Server Administration

Security

The Security section of the Administrator, accessed by clicking the Security tab at the top of the left navigation bar, lets you configure the Basic and Advanced Security frameworks of ColdFusion Server.

Basic Security

The Basic Security framework activates by default during ColdFusion Server installation, in the Professional and Enterprise editions. It secures ColdFusion Server in three ways:

• Administrative access - Protects access to Administrator pages with a password
• Application development - Protects access to data sources and files with passwords and blocks access to some sensitive ColdFusion tags
• Application deployment - Prevents applications from executing several ColdFusion tags that could be used to update, delete, or manipulate server files

Basic Security provides an adequate level of protection if you have legacy systems, or other security measures, already in place. On the other hand, developers must spend more time writing applications, because, while granular runtime access security is possible with Basic Security, it requires custom development.

For more information, see "Basic Security". For more information about implementing security measures in your ColdFusion applications, see Developing ColdFusion Applications.

Advanced Security

In ColdFusion Server Enterprise Edition, the Advanced Security framework provides scalable, granular security in the following ways:

• Application development - It controls access to files, data sources, and administration for each developer on your team. You coordinate team development on shared servers with the assurance that sensitive data and applications are secure.
• Application deployment - It creates complex rules to programmatically control access to functionality within applications. You can set up multiple levels of user access within an application, and confine applications to secure areas that restrict the access applications have to directories, components, databases, or other resources on the server.
• Administrative access - It assigns different degrees of administrative access to specified users.

For more information, see the Advanced ColdFusion Administration book. For more information about implementing security measures in your ColdFusion applications, see Developing ColdFusion Applications.

Copyright © 2001, Macromedia Inc. All rights reserved.

---