Adobe 38000827 Administration Guide - Page 61

Using sandbox security, About directories and permissions



Using sandbox security

Sandbox security uses the location of your ColdFusion pages to control access to ColdFusion resources. A sandbox is a designated directory of your site to which you apply security restrictions. By default, a subdirectory (or child directory) inherits the sandbox settings of the directory one level above it (the parent directory). If you define sandbox settings for a subdirectory, you override the sandbox settings inherited from the parent directory. For example, consider the following directories:

D:\Leaders
D:\Leaders\Roman
D:\Leaders\Roman\Pompey

By default, the sandbox settings of the Leaders directory are inherited by the Roman and Pompey directories. If you define sandbox settings for the Roman directory, these settings are inherited by the Pompey directory; the Leaders directory maintains its original settings.

This hierarchical arrangement of security permits the rapid configuration of personalized sandboxes for users with different security levels. For example, if you are a web hosting administrator who hosts several clients on a ColdFusion shared server, you can configure a sandbox for each customer. This prevents one customer from accessing the data sources or files of another customer.

These are the resources that you can restrict:

• Data Sources: Data sources connect ColdFusion applications to databases.
• CF Tags: These ColdFusion tags interact with other components of the server environment, such as the mail server.
• CF Functions: These ColdFusion functions have read or write access to files.
• Files/Dirs: Using a parent and child directory model, you restrict permissions based on the path.
• IP/Ports: You restrict pages in a sandbox from accessing entire IPs, a specific port, or port range with the tags that call third-party resources.

About directories and permissions

ColdFusion file permissions are based on the Java security model. A dash (-) indicates all files in the present directory and any child directories, including files in any child directories; an asterisk (*) indicates all files in the present directory and a list of child directories, but not files.

Consider the following file structure:

C:\foo\bar.txt
C:\pat\riots\c.txt
C:\pat\riots2\d.txt
C:\pat\a.txt
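
The inheritance rule and the dash/asterisk path suffixes described above, as an added Python illustration (not Adobe's code and not how ColdFusion implements the check). The function names and the index.cfm page names are assumptions; the directory and file paths are the ones on this page.

```python
from pathlib import PureWindowsPath

# Sandboxes defined by the administrator (directories from the example above).
SANDBOXES = [r"D:\Leaders", r"D:\Leaders\Roman"]

# File structure listed on this page.
FILES = [r"C:\foo\bar.txt", r"C:\pat\riots\c.txt",
         r"C:\pat\riots2\d.txt", r"C:\pat\a.txt"]


def effective_sandbox(page, sandboxes):
    """Return the sandbox whose settings govern `page`: the nearest
    ancestor directory with a sandbox defined, or None if there is none."""
    defined = {PureWindowsPath(s) for s in sandboxes}
    for ancestor in PureWindowsPath(page).parents:  # nearest directory first
        if ancestor in defined:
            return str(ancestor)
    return None


def path_allowed(target, pattern):
    """Check `target` against a Files/Dirs path written with the
    Java-style suffixes: '-' is recursive, '*' is one level only."""
    target, pat = PureWindowsPath(target), PureWindowsPath(pattern)
    if pat.name == "-":   # everything below the directory, at any depth
        return pat.parent in target.parents
    if pat.name == "*":   # direct children only: files and directory names
        return target.parent == pat.parent
    return target == pat  # no suffix: that exact path


def covered(pattern, paths=FILES):
    """List the paths a single Files/Dirs entry would expose."""
    return [p for p in paths if path_allowed(p, pattern)]


if __name__ == "__main__":
    # index.cfm is a constructed page name used only for illustration.
    for page in (r"D:\Leaders\index.cfm", r"D:\Leaders\Roman\Pompey\index.cfm"):
        print(page, "->", effective_sandbox(page, SANDBOXES))
    for pattern in (r"C:\pat\-", r"C:\pat\*"):
        print(pattern, "->", covered(pattern))
```

When reviewing a shared host, running every Files/Dirs entry of one customer's sandbox through a check like this against another customer's directory tree shows quickly whether a recursive `-` entry was granted too high in the hierarchy.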