O'Reilly logo

Programming ColdFusion MX, 2nd Edition by Rob Brooks-Bilson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Taking Advantage of ColdFusion MX’s New Security Framework

Before we get into the new security framework in ColdFusion MX, it’s important that we cover a few important changes from previous versions of ColdFusion. In versions prior to MX, ColdFusion supported a set of Advanced Security services that integrated with an OEM version of Netegrity’s popular SiteMinder (Version 3.51 for ColdFusion 4.5.x and Version 4.11 for ColdFusion 5.0) security product for providing granular control within ColdFusion applications. Advanced Security was a bear to use and a nightmare to administer, to say the least. Macromedia dropped the Advanced Security services in ColdFusion MX in favor of a simpler system that uses Java as the underlying service.

This system makes uses of several new tags and functions to provide authentication and authorization functionality in your applications. Additionally, the new system is roles based, meaning that group-level permissions are inherent in its design. To get an idea of just how this new system works and how it differs from the security framework we built in the previous section, let’s rework our portal application to make use of ColdFusion MX’s built-in security framework. We’ll start by rewriting the authentication piece of the portal.

Authenticating Users

ColdFusion MX supports two different types of authentication, application-based and HTTP (web server)-based. We’ll cover both methods in this chapter, but I’d like to start out with a discussion of application-based ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required