Manualshelf

User Guide

ManualsBrandsMacromedia ManualsOtherCOLDFUSION MX 61
71727374757677787980
Using sandbox security 71
This hierarchical arrangement of security permits the configuration of personalized sandboxes for
users with different security levels. For example, if you are a web hosting administrator who hosts
several clients on a ColdFusion shared server, you can configure a sandbox for each customer.
This prevents one customer from accessing the data sources or files of another customer.
Resources that can be restricted
You can restrict the following resources:
Data Sources Restrict the usage of ColdFusion data sources.
CF Tags Restrict usage of the ColdFusion tags that manipulate resources on the server (or
on an external server), such as files, the registry, LDAP, mail, and the log.
CF Functions Restrict usage of the ColdFusion functions that access the file system.
Files/Dirs Enable tags and functions in the sandbox to access files and directories outside of
the sandbox.
IP/Ports Specify the IP addresses, ports, and port ranges that the ColdFusion tags that call
third-party resources can use.
For more information, see the Administrator online Help.
Note: When running ColdFusion MX in the J2EE configuration on IBM WebSphere, file/directory
security and IP/port security are not enabled.
About directories and permissions
When enabling access to files outside of the sandbox, you specify the filename. When enabling
access to directories outside of the sandbox, you specify directoryname\indicator, where indicator is
a dash or asterisk, as follows:
A backslash followed by a dash (\-) lets tags and functions access all files in the specified
directory and recursively allows access to all files in subdirectories.
A backslash followed by an asterisk (\*) lets tags and functions access all files in the specified
directory and a list of subdirectories, but denies access to files in any subdirectories.
You can also specify the actions that ColdFusion tags and functions are allowed to perform on
files and directories outside the sandbox. The following table shows the relationship between
permissions of a file and a directory:
Permission Affect on files Affect on directories
Read View the file List all files in the directory
Write Write to the file Not applicable
Execute Execute the file Not applicable
Delete Delete the file Delete the directory