User Guide
Table Of Contents
- Contents
- Introduction
- Administering ColdFusion MX 7
- Administering ColdFusion MX
- Using the ColdFusion MX Administrator
- Contents
- Initial administration tasks
- Accessing user assistance
- Server Settings section
- Data & Services section
- Debugging & Logging section
- Extensions section
- Event Gateways section
- Security section
- Packaging and Deployment section
- Enterprise Manager section
- Custom Extensions section
- Administrator API
- Data Source Management
- Contents
- About JDBC
- Adding data sources
- Connecting to DB2 Universal Database
- Connecting to Informix
- Connecting to Microsoft Access
- Connecting to Microsoft Access with Unicode
- Connecting to Microsoft SQL Server
- Connecting to MySQL
- Connecting to ODBC Socket
- Connecting to Oracle
- Connecting to other data sources
- Connecting to Sybase
- Connecting to JNDI data sources
- Web Server Management
- Deploying ColdFusion Applications
- Administering Security
- Using Multiple Server Instances
- Administering Verity
- Introducing Verity and Verity Tools
- Indexing Collections with Verity Spider
- Using Verity Utilities
- Contents
- Overview of Verity utilities
- Using the mkvdk utility
- Using the rck2 utility
- Using the rcvdk utility
- Using the didump utility
- Using the browse utility
- Using the merge utility
- Index
Using sandbox security 89
Configuring a sandbox
Before you begin security sandbox configuration, analyze your application and its usage to
determine the tags, functions, and resources that it requires. You can then configure the sandbox
to enable access to the required resources and disable use of the appropriate tags and functions.
For example, if the applications in the sandbox do not use the
cfregistry tag, you can safely
disable it.
Note: In the Standard Edition, the Root Security Context is the only sandbox. There is no initial list of
defined directory permissions.
To configure a sandbox:
1.
Open the Security > Sandbox Security page (Security > Resource Security page in the Standard
Edition) in the ColdFusion MX Administrator.
2.
(Enterprise Edition only) In the list of Defined Directory Permissions, click the name or Edit
icon for the directory.
A page with several tabs appears. This is the initial page in the Standard Edition. The
remaining steps describe the use of each tab.
3.
To disable a data source, in the left column of the Datasources tab, highlight the data source,
and click the right arrow.
By default, ColdFusion pages in this sandbox can access all data sources.
Note: If <<ALL DATASOURCES>> is in the Enabled Datasources column, any data source that you
add is enabled. If you move <<ALL DATASOURCES>> to the Disabled Datasources column, any
new data source is disabled.
4.
Click the CFTags tab.
5.
To disable tags, in the left column of the CFTags tab, highlight the tags, and click the right
arrow.
By default, ColdFusion pages in this sandbox can access all listed tags.
6.
Click the CFFunctions tab.
7.
To disable functions, in the left column of the CFFunctions tab, highlight the functions, and
click the right arrow.
By default, ColdFusion pages in this sandbox can access all listed functions.
8.
Click the Files/Dirs tab.
9.
To enable files or directories, in the File Path box, enter or browse to the files or directories; for
example, C:\pix. A file path that consists of the special token <<ALL FILES>> matches any file.
For information on using the backslash-hyphen (\-) and backslash-asterisk (\*) wildcard
characters, see “About directories and permissions” on page 88.
10.
Select the permissions.
For example, select the Read check box to let ColdFusion pages in the mytestapps sandbox
read files in the C:\pix directory.
11.
Click Add Files/Paths. When you edit an existing sandbox, this button reads Edit Files/Paths.
The file path and its permissions appear in the Secured Files and Directories list.