🔏Introduction

Welcome to the ColdBox Security, the best way to secure your ColdBox apps.

The ColdBox cbsecurity module is a collection of modules to help secure your ColdBox applications.

The major areas of concern are:

A security authentication/authorization firewall ( cbsecurity ) which can secure your application based on:
- Security rules and a rule engine for validation of incoming events or URL patterns
- Handler annotations
Security service for explicit authorizations ( cbsecurity ) to provide you with functional approaches to security context authorization in any layer of your application.
A JWT generator, decoder, and authentication services ( jwtcfml )
Cross-Site Request Forgery (CSRF) Protection ( cbcsrf )
An authentication manager ( cbauth ) which can be plug-and-play with your own or third-party modules
Basic Authentication services that provide basic user credential storage and browser challenges
A graphical user interface for visualizing the firewall and operational settings we lovingly call the CBSecurity Visualizer
Industry-standard response headers to protect against XSS, clickjacking, frame busting, and much more
Generate secure and random passwords

Module composition

Features

Ability to have global security rules
The ability for modules to add their own security rules and action overrides
Ability to distinguish between authentication and authorization issues
Annotation-driven cascading security for handlers and actions
A functional security service that can be injected anywhere to provide you with authorizations
Security rules can exist in:
- XML File
- JSON File
- Database
- Models
The rules can be configured to use regular expressions or simple snippets
You can use ColdFusion authentication security
Can leverage any custom authentication provider
Plug any Authentication service or can leverage cbauth by default
Ability to distinguish between invalid authentication and authorization and determine the process's outcome.
Ability to load/unload security rules from contributing modules.
The ability for each module to define its own validator
JWT Access and Refresh Tokens Native support

Versioning

The ColdBox Security Module is maintained under the Semantic Versioning guidelines as much as possible. Releases will be numbered in the following format:

<major>.<minor>.<patch>

And constructed with the following guidelines:

Breaking backward compatibility bumps the major (and resets the minor and patch)
New additions without breaking backward compatibility bumps the minor (and resets the patch)
Bug fixes and misc changes bumps the patch

License

Apache 2 License: http://www.apache.org/licenses/LICENSE-2.0

Important Links

Professional Open Source

The ColdBox Security Module is a professional open-source software backed by Ortus Solutions, Corp offering services like:

Custom Development
Professional Support & Mentoring
Training
Server Tuning
Security Hardening
Code Reviews
Much More

Discussion & Help

The Box products and modules community for discussion and help can be found here:

https://community.ortussolutions.com/c/box-modules/cbsecurity/

HONOR GOES TO GOD ABOVE ALL

Because of His grace, this project exists. If you don't like this, then don't read it; it's not for you.

"Therefore being justified by faith, we have peace with God through our Lord Jesus Christ: By whom also we have access by faith into this grace wherein we stand, and rejoice in hope of the glory of God." Romans 5:5

NextRelease History

Last updated 1 year ago

Features

Ability to have global security rules

The ability for modules to add their own security rules and action overrides

Ability to distinguish between authentication and authorization issues

Annotation-driven cascading security for handlers and actions

A functional security service that can be injected anywhere to provide you with authorizations

Security rules can exist in:

XML File
JSON File
Database
Models

The rules can be configured to use regular expressions or simple snippets

You can use ColdFusion authentication security

Can leverage any custom authentication provider

Plug any Authentication service or can leverage cbauth by default

Ability to distinguish between invalid authentication and authorization and determine the process's outcome.

Ability to load/unload security rules from contributing modules.

The ability for each module to define its own validator

JWT Access and Refresh Tokens Native support

Versioning

The ColdBox Security Module is maintained under the Semantic Versioning guidelines as much as possible. Releases will be numbered in the following format:

<major>.<minor>.<patch>

And constructed with the following guidelines:

Breaking backward compatibility bumps the major (and resets the minor and patch)

New additions without breaking backward compatibility bumps the minor (and resets the patch)

Bug fixes and misc changes bumps the patch

Professional Open Source

The ColdBox Security Module is a professional open-source software backed by Ortus Solutions, Corp offering services like:

Custom Development

Professional Support & Mentoring

Training

Server Tuning

Security Hardening

Code Reviews

Much More

Discussion & Help

The Box products and modules community for discussion and help can be found here:

HONOR GOES TO GOD ABOVE ALL

Because of His grace, this project exists. If you don't like this, then don't read it; it's not for you.

"Therefore being justified by faith, we have peace with God through our Lord Jesus Christ: By whom also we have access by faith into this grace wherein we stand, and rejoice in hope of the glory of God." Romans 5:5