August 2001
Intermediate to advanced
976 pages
38h 8m
English
Content preview from Programming ColdFusionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 8. Security
Security is a key part of any web application. As more and more aspects of daily life get conducted online, users want to be sure that the information they provide to web applications is taken care of properly. On the flip side, businesses want to make sure that the people who use their web applications are who they say they are. In this chapter, we’ll cover two keys aspects of security: authentication and authorization. Authentication is the process of verifying the identity of a user, while authorization is the process of limiting access to resources to particular users.
In this chapter, we’ll look at two approaches to application
security. The first approach uses a combination of database tables
and application code to manage authentication and user entitlements,
in effect implementing security from scratch. Because the
Application.cfm template is automatically
invoked with each page request, it is the ideal place to handle
security tasks in your ColdFusion applications. The second approach
uses ColdFusion’s new Advanced Security services for
authenticating users and authorizing access to resources. Each method
has its pros and cons, which will be discussed.
Note that there is Basic Security within ColdFusion, but it has a different purpose than the Advanced Security services. Basic Security is configurable only from within the ColdFusion Administrator and is used to specify usernames and passwords for the ColdFusion Administrator and ColdFusion Studio. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.