User Guide

358 Chapter 19 Application Security
Using Advanced Security in Application Pages
Advanced Security makes it easier for developers to enforce application security.
After your administrator sets up the appropriate security contexts for your
application, you can start using ColdFusion security tags and functions to
authenticate users and see whether they are authorized for the part of the
application they are trying to access.
This section describes how to use security tags and functions to authenticate users
and provide or withhold resources according to the security context's rules.
Include cfauthenticate on any application page where you want to authenticate
users; that is, to ensure that users are who they say they are. You typically use
cfauthenticate in your application's Application.cfm file. Pass the
authentication information to subsequent pages on which you want to test for
authentication.
ColdFusion sets a cookie, cfauth, to contain authentication information. If you
choose not to use this cookie, you must check authentication for each request.
Use the IsAuthenticated function to check if the current user is authenticated.
Use the IsAuthorized function to check whether the user is authorized to access
resources. This function lets developers offer or deny access to protected
resources based on a user's authorization level, which is determined by already
established security contexts.
Use the cfimpersonate tag wherever you want to provide a greater level of access
than is otherwise assigned to a particular user.
Read the section "Example of User Authentication and Authorization" on page 363 to
see code examples that show how these tags and functions work in ColdFusion
applications.
To learn about syntax and usage for the cfauthenticate and cfimpersonate tags,
and the IsAuthenticated and IsAuthorized functions, see the CFML Reference.
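
A minimal sketch of how the tags and functions listed above fit together, as an added example that is not taken from this guide. The security context OrdersContext, the data source OrdersDB, the page name orders.cfm and the form field names are assumptions; substitute the names your administrator defined.

```cfml
<!--- Application.cfm: runs before every page in the application. --->
<!--- Assumed names: OrdersContext (security context),
      form.username / form.password (login form fields). --->
<cfapplication name="Orders">

<cfif NOT IsAuthenticated()>
    <cfset authenticated = false>
    <cfset loginFailed = false>
    <cfif IsDefined("form.username") AND IsDefined("form.password")>
        <cftry>
            <!--- setcookie="Yes" stores the result in the cfauth cookie,
                  so later requests pass the IsAuthenticated() test. --->
            <cfauthenticate securitycontext="OrdersContext"
                            username="#form.username#"
                            password="#form.password#"
                            setcookie="Yes"
                            throwonfailure="Yes">
            <cfset authenticated = true>
            <cfcatch type="Security">
                <cfset loginFailed = true>
            </cfcatch>
        </cftry>
    </cfif>

    <!--- Not authenticated: show the login form and stop the request,
          so the requested page never runs. --->
    <cfif NOT authenticated>
        <cfif loginFailed>
            <!--- One generic message: do not reveal which field was wrong. --->
            <p>Login failed.</p>
        </cfif>
        <cfoutput>
        <form action="#HTMLEditFormat(CGI.SCRIPT_NAME)#" method="post">
            User name: <input type="text" name="username">
            Password: <input type="password" name="password">
            <input type="submit" value="Log in">
        </form>
        </cfoutput>
        <cfabort>
    </cfif>
</cfif>

<!--- orders.cfm (assumed page): withhold the resource unless the
      security context authorizes this user for it. --->
<cfif IsAuthorized("DataSource", "OrdersDB", "select")>
    <p>Order data is shown here.</p>
<cfelse>
    <p>You are not authorized to view order data.</p>
</cfif>
```
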
Encrypting application pages
For an added measure of security, you can encrypt strings in your applications using
the Encrypt and Decrypt functions. For descriptions of these functions, see the
CFML Reference.