System information
CONFIGURING AND ADMINISTERING COLDFUSION 9
Administering Security
Last updated 2/21/2012
Resources that you can restrict
You can restrict the following resources:
Data Sources: Restrict the use of ColdFusion data sources.
CF Tags: Restrict the use of ColdFusion tags that manipulate resources on the server (or on an external server), such as files, the registry, Lightweight Directory Access Protocol (LDAP), mail, and the log.
CF Functions: Restrict the use of ColdFusion functions that access the file system.
Files/Dirs: Enable tags and functions in the sandbox to access files and directories outside the sandbox.
Note: To use the Administrator API when sandbox security is enabled, allow access to the cf_web_root/CFIDE/adminapi directory.
Server/Ports: Specify the servers, ports, and port ranges that the ColdFusion tags that call third-party resources can use. For more information, see the Administrator online Help.
Note: When you run ColdFusion in the J2EE configuration on IBM WebSphere, the Files/Dirs and Server/Ports tabs are not enabled.
About directories and permissions
When you enable access to files outside the sandbox, you specify the filename. When you enable access to directories
outside the sandbox, you specify directoryname\indicator, where indicator is a dash or asterisk, as follows:
• A backslash followed by a dash (\-) lets tags and functions access all files in the specified directory, and recursively
allows access to all files in subdirectories.
• A backslash followed by an asterisk (\*) lets tags and functions access all files in the specified directory and also lets
tags and functions access a list of subdirectories. However, this option denies access to files in any subdirectories.
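The two indicators can be modelled as a small audit helper for reviewing which paths a set of Files/Dirs entries exposes. This is an added example, not ColdFusion code: the function names, sample entries and sample paths are constructed, and resolving `..` segments before matching is an assumption of the model.

```python
import ntpath
from pathlib import PureWindowsPath

def _norm(path: str) -> PureWindowsPath:
    # Assumption of this model: resolve "." and ".." textually before
    # matching, so traversal segments cannot fake a match.
    return PureWindowsPath(ntpath.normpath(path))

def entry_allows(entry: str, target: str) -> bool:
    """True if one Files/Dirs entry covers target under the rules above."""
    t = _norm(target)
    if entry.endswith("\\-"):
        # directory\- : every file below the directory, at any depth
        return _norm(entry[:-2]) in t.parents
    if entry.endswith("\\*"):
        # directory\* : files and subdirectory names directly inside the
        # directory; nothing inside those subdirectories
        return t.parent == _norm(entry[:-2])
    # no indicator: the entry names exactly one file
    return _norm(entry) == t

def audit(entries, targets):
    """Map each target to the entries that expose it (empty list = denied)."""
    return {t: [e for e in entries if entry_allows(e, t)] for t in targets}

# Constructed sample sandbox entries and paths to check.
ENTRIES = [
    r"D:\sites\app\uploads\*",
    r"D:\sites\shared\-",
    r"D:\sites\app\config\settings.xml",
]
TARGETS = [
    r"D:\sites\app\uploads\report.pdf",
    r"D:\sites\app\uploads\2012",
    r"D:\sites\app\uploads\2012\jan.pdf",
    r"D:\sites\shared\lib\util\helper.cfc",
    r"D:\sites\app\config\other.xml",
    r"D:\sites\shared\..\app\config\other.xml",
]

if __name__ == "__main__":
    for target, hits in audit(ENTRIES, TARGETS).items():
        print("ALLOW" if hits else "DENY ", target, hits)
```

Running the helper over a planned set of entries before entering them in the Administrator shows where a `\-` entry exposes more of the tree than a `\*` entry would.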
You can also specify the actions that ColdFusion tags and functions can perform on files and directories outside the
sandbox. The following table shows the relationship between the permissions of a file and a directory:

| Permission | Effect on files  | Effect on directories           |
|------------|------------------|---------------------------------|
| Read       | View the file    | List all files in the directory |
| Write      | Write to the file | Not applicable                 |
| Execute    | Execute the file | Not applicable                  |
| Delete     | Delete the file  | Delete the directory            |

Add a sandbox (Enterprise Edition only)
ColdFusion Enterprise Edition lets you define multiple security sandboxes.
1 Open the Security > Sandbox Security page in the ColdFusion Administrator.
The Sandbox Security Permissions page appears.
2 In the Add Security Sandbox box, enter the name of the new sandbox. This name must be either a ColdFusion
mapping (defined in the Administrator) or an absolute path.
3 Select New Sandbox from the drop-down list to create a sandbox based on the default sandbox, or select an existing
sandbox to copy its settings to your new sandbox.
4 Click Add.