User Guide

Chapter 19 Application Security
ColdFusion Security Features
ColdFusion Server Professional and Enterprise editions include Advanced Security
features that provide scalable, granular security for building and deploying your
ColdFusion applications:
Application development: System administrators can control access to files,
data sources, and administration for each developer on the team. They can
coordinate team development on shared servers with the assurance that
sensitive data and applications are secure.
Application deployment: ColdFusion developers can create complex rules to
programmatically control access to functionality within applications. You can
confine applications to secure areas, thereby flexibly restricting the access that
the applications have to directories, components, databases, or other resources
on the server.
This chapter describes the ColdFusion Server features that let you integrate a total
security solution into your applications.
Remote Development Services (RDS) Security
ColdFusion RDS security provides security services to developers working in
ColdFusion Studio. RDS security is at the core of the security framework in a
team-oriented ColdFusion development environment in which groups of
developers, working in ColdFusion Studio, require different levels of access to
ColdFusion files and data sources.
When you are working in ColdFusion Studio, you access these ColdFusion resources
remotely, opening *.cfm files or accessing data sources. RDS security authenticates
you and grants access only to the resources appropriate to your login. Authentication
is carried out against the Windows NT domain server, an ODBC data source, or an
LDAP directory specified in the ColdFusion Administrator as part of a security
context.
There are two ways to implement RDS security services:
Basic Security: Requires developers in ColdFusion Studio to supply a password
which, when authenticated, permits access to RDS services, such as browsing,
editing, database operations, debugging, and so on.
Advanced Security: Lets ColdFusion administrators restrict or permit access to
file systems and data sources based on security contexts and policies established
on the Advanced Security page of the ColdFusion Administrator.
The ColdFusion Server administrator at your company or ISP configures RDS
security so that it best meets the needs of your group.
For detailed information about setting up RDS security, see Advanced ColdFusion
Administration.