Chapter 16
Securing Applications

ColdFusion MX has two major security features: resource (file and directory-based) security and user (programmatic) security. This chapter provides an overview of ColdFusion security. It briefly describes how you use the ColdFusion MX Administrator to configure resource security, and discusses structuring an application to take advantage of resource security. It explains in detail how to implement user security in ColdFusion applications.

Other chapters discuss specific security issues in the context of their topics. For example, the chapter on LDAP discusses secure access to LDAP directories. Similarly, the section "Enhancing security with cfqueryparam" in Chapter 20 describes a method for preventing inappropriate access to SQL databases. See the Security entries in the Index for a complete listing of such sections.

For detailed information on using Administrator-controlled security features, see Administering ColdFusion MX.

This chapter does not discuss general or web server security concepts and issues. For example, it does not discuss web server security management issues, such as enabling HTTPS protocol support. For information on enabling web server security features, see your web server documentation. Many books and other resources are available on web and application security.
