ColdFusion Security

Today's Web applications offer unique opportunities, from e-commerce to global communication and collaboration. Developers and administrators alike must concern themselves with issues of security. The nature of the Web (global access, ease of connectivity and interaction, and lack of any real control over clients) creates an environment where application misuse or abuse can flourish. All Web applications can potentially fall victim to these security breaches:

* Index your Web site and provide a generalized search mechanism, such as a form interface, for executing searches.

* Snooping and eavesdropping. The risk that someone could "overhear" data being sent over the Web is a primary concern when applications send confidential data, such as credit-card information, over public connections.

* User impersonation. Without proper authentication control, the risk of non-trusted users gaining access to secure information by impersonating trusted users is a very real one. Someone who successfully impersonates a trusted user could gain access to anything that user was authorized to see or download.

* Unauthorized access. The risk of exposing sensitive information to unauthorized users is the biggest and most complex security risk, because the Internet effectively links every computer to one large network. While completely allowing or disallowing access to a given system or data source remains relatively straightforward, allowing the partial access that is required for an application to be useful remains risky.

ColdFusion is a proven, highly secure environment for Web application development and deployment. ColdFusion can help you reduce these security risks:

* Encryption. ColdFusion supports the Secure Sockets Layer (SSL) protocol, which protects against snooping, eavesdropping, or any sort of message tampering when information is passed between clients and servers.

* Authentication. Authentication simply means making sure someone is a valid user of the system. Authentication involves prompting a user for a unique identification, like a login name, and some form of verification information that no one other than the user could know, like a password or personal identification number (PIN).

* Access control. Authenticated users are usually granted access to particular features or components based on security clearance, group affiliation, or other criteria specified by the developer.