description |
---|
Welcome to the ColdBox Security, the best way to secure your ColdBox apps. |
The Best Way To Secure Your Applications
The ColdBox cbsecurity
module is a collection of modules to help secure your ColdBox applications.
Security Visualizer
The major areas of concern are:
- A security authentication/authorization firewall (
cbsecurity
) which can secure your application based on:- Security rules and a rule engine for validation of incoming events or URL patterns
- Handler annotations
- Security service for explicit authorizations (
cbsecurity
) to provide you with functional approaches to security context authorization in any layer of your application. - A JWT generator, decoder, and authentication services (
jwtcfml
) - Cross-Site Request Forgery (CSRF) Protection (
cbcsrf
) - An authentication manager (
cbauth
) which can be plug-and-play with your own or third-party modules - Basic Authentication services that provide basic user credential storage and browser challenges
- A graphical user interface for visualizing the firewall and operational settings we lovingly call the CBSecurity Visualizer
- Industry-standard response headers to protect against XSS, clickjacking, frame busting, and much more
- Generate secure and random passwords
- Ability to have global security rules
- The ability for modules to add their own security rules and action overrides
- Ability to distinguish between authentication and authorization issues
- Annotation-driven cascading security for handlers and actions
- A functional security service that can be injected anywhere to provide you with authorizations
- Security rules can exist in:
- XML File
- JSON File
- Database
- Models
- The rules can be configured to use regular expressions or simple snippets
- You can use ColdFusion authentication security
- Can leverage any custom authentication provider
- Plug any Authentication service or can leverage cbauth by default
- Ability to distinguish between invalid authentication and authorization and determine the process's outcome.
- Ability to load/unload security rules from contributing modules.
- The ability for each module to define its own
validator
- JWT Access and Refresh Tokens Native support
The ColdBox Security Module is maintained under the Semantic Versioning guidelines as much as possible. Releases will be numbered in the following format:
<major>.<minor>.<patch>
And constructed with the following guidelines:
- Breaking backward compatibility bumps the major (and resets the minor and patch)
- New additions without breaking backward compatibility bumps the minor (and resets the patch)
- Bug fixes and misc changes bumps the patch
Apache 2 License: http://www.apache.org/licenses/LICENSE-2.0
- Code: https://github.com/coldbox-modules/cbsecurity
- Issues: https://github.com/coldbox-modules/cbsecurity/issues
The ColdBox Security Module is a professional open-source software backed by Ortus Solutions, Corp offering services like:
- Custom Development
- Professional Support & Mentoring
- Training
- Server Tuning
- Security Hardening
- Code Reviews
- Much More
The Box products and modules community for discussion and help can be found here:
https://community.ortussolutions.com/c/box-modules/cbsecurity/
Because of His grace, this project exists. If you don't like this, then don't read it; it's not for you.
"Therefore being justified by faith, we have peace with God through our Lord Jesus Christ: By whom also we have access by faith into this grace wherein we stand, and rejoice in hope of the glory of God." Romans 5:5