Charlie Arehart

Advanced Security is a set of features that came out in 4.0 of ColdFusion Server, and it offers several very interesting improvements on security, both in terms of how authentication is done, and what can be secured. (Many people are under the mistaken impression that Advanced Security is a feature that comes only with the Enterprise. This is not true. The Server Sandbox Security feature is the only Enterprise-specific feature.)

Advanced security can be used to control application development (what resources developers have access to on the server) and application deployment (what users can do in their applications and also what resources they can access on the server). There are also features in Advanced Security to control what resources developers can access via RDS, even without use of the Server Sandbox feature. Authentication can be performed against an NT Domain, an LDAP server, and an ODBC datasource.

You owe it to yourself, your organization, and your users to better understand Advanced Security. See the Allaire documentation, including "Administering the App Server". Version 4.5 will include improved documentation as well as an enhanced interface for administering Advanced Security. Ben Forta's Advanced ColdFusion Development book also has a section devoted to the subject.

Charlie Arehart Education Director, Fig Leaf Software