System information

CONFIGURING AND ADMINISTERING COLDFUSION 9
Administering Security
Last updated 2/21/2012
Configure IP address to access exposed services
To configure IP addresses to access exposed services:
1 Go to Security > Allowed IP Addresses.
2 To add an IP address, specify the IP address in the IP addresses field and click Add.
3 To remove an IP address, select the IP address from the View/Remove Selected IP Addresses for Exposed Services list.
4 Click Remove Selected to remove the IP addresses.
Using sandbox security
Sandbox security (called Resource security in the Standard Edition) uses the location of your ColdFusion pages to
control access to ColdFusion resources. A sandbox is a designated directory of your site to which you apply security
restrictions. Sandbox security lets you specify which tags, functions, and resources (for example, files, directories, and
data sources) can be used by ColdFusion pages located in and under the designated directory.
To use sandbox security in the multiserver and J2EE editions, the application server must be running a security
manager (java.lang.SecurityManager) and you must define the following JVM arguments (for JRun, this is the
java.args line in the jrun_root/jvm.config file):
-Djava.security.manager "-Djava.security.policy=cf_root/WEB-INF/cfusion/lib/coldfusion.policy" "-Djava.security.auth.policy=cf_root/WEB-INF/cfusion/lib/neo_jaas.policy"
Note: Sandbox security is not enabled by default. You enable it on the Security > Sandbox Security page before
ColdFusion enforces the settings.
Using multiple sandboxes (Enterprise Edition only)
By default, a subdirectory of a sandbox inherits the settings of the directory one level above it. However, if you define
a sandbox for a subdirectory, the subdirectory no longer inherits settings from the parent: its own sandbox completely
overrides the parent directory’s sandbox settings. For example, consider the following directories:
C:\Inetpub\wwwroot
C:\Inetpub\wwwroot\sales
C:\Inetpub\wwwroot\rnd
C:\Inetpub\wwwroot\rnd\dev
C:\Inetpub\wwwroot\rnd\qa
If you define a sandbox for the wwwroot directory, the settings also apply to the sales and rnd directories. If you also
define a sandbox for the rnd directory, the rnd sandbox settings also apply to the dev and qa directories. The wwwroot
and sales directories maintain their original settings, and the rnd settings override the wwwroot directory settings for
the rnd directory and subdirectories.
This hierarchical arrangement of security permits the configuration of personalized sandboxes for users with different
security levels. For example, if you are a web hosting administrator who hosts several clients on a ColdFusion shared
server, you can configure a sandbox for each customer. This prevents one customer from accessing the data sources or
files of another customer.
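The override rule described above can be checked mechanically when reviewing a sandbox layout. The following is an added example, not code from the ColdFusion documentation or product: it resolves which sandbox governs a page and lists restrictions a nested sandbox no longer carries because it replaces its parent's settings. The function names and the disabled-tag sets are assumptions constructed for illustration; the directories are the ones listed above.

```python
from pathlib import PureWindowsPath

# Constructed sample: sandbox directory -> tags disabled in that sandbox.
# Only the directory names come from the text; the tag sets are illustrative.
SANDBOXES = {
    PureWindowsPath(r"C:\Inetpub\wwwroot"): {"cfexecute", "cfregistry", "cffile"},
    PureWindowsPath(r"C:\Inetpub\wwwroot\rnd"): {"cfregistry"},
}


def effective_sandbox(page, sandboxes=SANDBOXES):
    """Return the sandbox directory that governs the page at `page`, or None.

    The nearest ancestor directory with its own sandbox wins outright;
    nothing is merged in from sandboxes higher up the tree.
    """
    page = PureWindowsPath(page)  # Windows semantics: case-insensitive compare
    for directory in page.parents:  # nearest ancestor first, whole components only
        if directory in sandboxes:
            return directory
    return None


def dropped_restrictions(sandboxes=SANDBOXES):
    """Map each nested sandbox to the tags its parent sandbox disabled but it does not."""
    findings = {}
    for directory, disabled in sandboxes.items():
        parent = effective_sandbox(directory, sandboxes)  # sandbox it would have inherited
        if parent is not None:
            lost = sandboxes[parent] - disabled
            if lost:
                findings[directory] = sorted(lost)
    return findings


if __name__ == "__main__":
    for page in (r"C:\Inetpub\wwwroot\sales\index.cfm",
                 r"C:\Inetpub\wwwroot\rnd\qa\test.cfm",
                 r"C:\Inetpub\wwwroot\rnd2\index.cfm"):
        print(page, "->", effective_sandbox(page))
    for directory, tags in dropped_restrictions().items():
        print(directory, "no longer disables:", ", ".join(tags))
```

A non-empty result from dropped_restrictions is a prompt to confirm that each listed tag was meant to be available in the nested sandbox.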