Explore ColdFusion Server Advanced Security

ColdFusion Server's Advanced Security feature permeates all levels of Web application development, from the highest level of application architecture to the lowest level of granular control. To build the most secure and stable Web applications possible, you must acquaint yourself with the ins and outs of Advanced Security.

This article acts as a guided tour through the wealth of information contained in Allaire's Knowledgebase regarding Advanced Security. The articles highlighted below cover the installation, configuration, and operational issues that Web developers have encountered with ColdFusion's Advanced Security features.

The articles detailed here are designed to augment the existing product documentation. The first place anyone seeking detailed information on Advanced Security should look is the ColdFusion documentation.

Installation of Advanced Security

Some users have experienced problems when installing ColdFusion Server with Advanced Security on the Solaris platform. For example, Netscape Directory Server installs to a different directory than the default of most Netscape servers. If two separate Netscape Administration Servers exist on the same machine, the Netscape Directory Server may experience stability problems.

To solve this problem, install the Netscape LDAP Directory Server in the same file system directory as your existing Netscape Web server.

The following list of Knowledgebase articles address various installation issues of Solaris and Advanced Security:

• Advanced Security Installation Failure (KB 16249)
• Advanced Security Installation with Netscape LDAP Server (KB 15670)
• Netscape Directory Server Installation (KB 14295)

Configuration of Advanced Security

Because of ColdFusion Server's close integration with OS security measures, you must make a few changes to the configuration options in Windows NT 4.0 and Windows 2000 to take full advantage of all Advanced Security features.

The first Knowledgebase article in this section walks you through setting up a user directory and security context, verifying user authentication, and creating security policies. The second article explains how to secure remote resources for use with ColdFusion Studio. The third article details how to set up the Netscape Directory Server as a user directory. Finally, the fourth article gives you the settings needed to configure an LDAP server as a user directory in ColdFusion Server.

1. Configuring Advanced Security under Windows NT 4.0 and Windows 2000 (KB 12385)
2. Securing Remote Resources for ColdFusion Studio (KB 7686)
3. Setting up Netscape Directory Server as a User Directory Fails (KB 16100)
4. Configuring LDAP as User Directory (KB 12561)

Database Configuration and Advanced Security

Database-driven Web applications have become commonplace in today's Web environment. Consequently, database management and configuration take center stage in Web application development. ColdFusion's Advanced Security supports a variety of databases and user directories. Click here to read about which products have been tested for compliance.

Migrating policy stores from one database to another can be a challenge for even the most experienced Web developers. The following list of Knowledgebase articles offers instructions for various migration strategies:

• Migrating the Policy Store from Microsoft Access to Microsoft SQL Server (KB 14566)
• Migrating the Policy Store from Microsoft Access to Oracle (KB 15891)
• Migrating the SiteMinder Policy Server to an LDAP Database (KB 13335)

Using Advanced Security

Once you have ColdFusion's Advanced Security installed and properly configured, you will need to familiarize yourself with the operation of the SiteMinder Console, debugging options, and known operational issues of Advanced Security.

For example, the ColdFusion security proxy may not stop when the ColdFusion Server is terminated using the /opt/coldfusion/bin/stop script in Solaris. To fix this, replace the line kill$proxypid > /dev/null 2>&1 with kill -9 $proxypid > /dev/null 2>&1 in the /opt/coldfusion/siteminder/cfsmstop script.

Here are several Knowledgebase articles dealing with operating the Advanced Security issues in the ColdFusion Server:

• Logging and Operation of the SiteMinder Console Application (KB 14588)
• Debugging Options with Advanced Security (KB 11432)
• Advanced Security Fails in Non-Networked Windows NT Environments (KB 14378)
• Problems Ending Security Proxy Process (KB 15657)

To learn about CFCONTENT problems related to Windows NT 4.0 Service Packs, refer to KB 16907.

Conclusion

Allaire is committed to addressing security issues and providing customers with the information they need to protect Web applications.

ColdFusion Server's Advanced Security functionality gives you a robust tool set to build secure Web applications. To answer your latest questions and learn new techniques for Web development, go to Allaire's Knowledgebase , the official online resource for technical support publications on all of Allaire's product lines.

Also, visit the Allaire Security Zone for comprehensive coverage on security concerns for any of Allaire's product lines.