
Security in ColdFusion MX

Raymond Camden, jedimaster@macromedia.com, ColdFusion Engineer. Date: June 15th, 2002.


Presentation Transcript


  1. Security in ColdFusion MX. Raymond Camden, jedimaster@macromedia.com, ColdFusion Engineer. Date: June 15th, 2002

  2. Agenda
     • Basic Security Concepts
     • Security in ColdFusion
     • Security tags and functions
     • Example
     • Q and A

  3. Basic Security Concepts
     • Authentication
       • Proving that you are who you say you are.
     • Authorization
       • Proving that you can do something.

  4. Security in ColdFusion
     • Prior to CFMX
       • Advanced Security
       • “Roll Your Own”
     • CFMX
       • Roles-based Security

  5. Security Tags
     • <cflogin>
       • Runs when user is not authenticated.
       • cflogin scope.
       • Attributes:
         • idleTimeout
           • Seconds
           • Defaults to 20 minutes
         • applicationToken
           • Defaults to current application.
         • cookieDomain

  6. <cflogin> Example

  7. <cfloginuser> & <cflogout>
     • Marks the user as being authenticated.
     • Attributes:
       • name
       • password
       • roles
         • Defines the roles for the users (think groups)
     • <cflogout> logs a user out. (Surprised?)

  8. <cfloginuser>, <cflogout> Example

  9. cflogin scope
     • Allows for multiple authentication types
       • Form (j_username, j_password)
       • URL (j_username, j_password)
       • Web Server authentication
       • Flash API
     • Clusters

  10. cflogin Scope Example

  11. Security Functions
     • GetAuthUser()
       • Returns username if logged in.
       • Returns empty string if not authenticated.
     • IsUserInRole(role)
       • Returns true if current user is in a role.

  12. Security Functions Example

  13. Full Example

  14. Questions?
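
The tags and functions from slides 5 to 12, combined into one Application.cfm as an added example; this is not the presenter's slide code, which the transcript does not include. The datasource `appDSN`, the `users` table and its columns, the `admin` role name and the PBKDF2 parameters are assumptions, and `loginStorage` and `GeneratePBKDFKey` (ColdFusion 11 or later) come from ColdFusion releases after the original MX.

```cfml
<!--- Application.cfm: added example. "appDSN", the users table and its columns are assumptions. --->
<!--- loginStorage="session" keeps login state in the Session scope instead of a browser cookie. --->
<cfapplication name="secureDemo" sessionManagement="yes" loginStorage="session">

<!--- Log out only on an explicit POST that carries a "logout" field --->
<cfif structKeyExists(form, "logout")>
    <cflogout>
</cfif>

<!--- The body of cflogin runs only while no user is logged in for this application --->
<cflogin idleTimeout="1200" applicationToken="secureDemo">
    <cfset authenticated = false>
    <!--- The cflogin scope exists only if j_username/j_password (or web server auth) was sent --->
    <cfif isDefined("cflogin") and len(trim(cflogin.name)) and len(cflogin.password)>
        <cfquery name="qUser" datasource="appDSN">
            SELECT username, pw_salt, pw_hash, roles
            FROM users
            WHERE username = <cfqueryparam value="#cflogin.name#" cfsqltype="cf_sql_varchar" maxlength="64">
        </cfquery>
        <cfif qUser.recordCount eq 1>
            <!--- pw_hash is assumed to have been created at enrolment with these same parameters --->
            <cfset candidate = generatePBKDFKey("PBKDF2WithHmacSHA1", cflogin.password, qUser.pw_salt, 100000, 160)>
            <cfif compare(candidate, qUser.pw_hash) eq 0>
                <!--- roles is a comma-separated list, for example "user,admin" --->
                <cfloginuser name="#qUser.username#" password="#cflogin.password#" roles="#qUser.roles#">
                <cfset authenticated = true>
            </cfif>
        </cfif>
    </cfif>
    <cfif not authenticated>
        <!--- Same response for an unknown user and a wrong password; the requested page never runs --->
        <cfoutput>
        <form action="#htmlEditFormat(cgi.script_name)#" method="post">
            User: <input type="text" name="j_username">
            Password: <input type="password" name="j_password">
            <input type="submit" value="Log in">
        </form>
        </cfoutput>
        <cfabort>
    </cfif>
</cflogin>

<!--- Past this point the request is authenticated --->
<cfoutput>Logged in as #htmlEditFormat(getAuthUser())#.</cfoutput>
<cfif isUserInRole("admin")>
    <cfoutput><a href="admin.cfm">Administration</a></cfoutput>
</cfif>
```

Because the role check runs on every request, pages that must be restricted should repeat `isUserInRole()` themselves rather than rely on the link being hidden.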
