Adobe 38000827 Administration Guide - Page 61
Using sandbox security, About directories and permissions
UPC - 718659577186
View all Adobe 38000827 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 61 highlights
Using sandbox security Sandbox security uses the location of your ColdFusion pages to control access to ColdFusion resources. A sandbox is a designated directory of your site to which you apply security restrictions. By default, a subdirectory (or child directory) inherits the sandbox settings of the directory one level above it (the parent directory). If you define sandbox settings for a subdirectory, you override the sandbox settings inherited from the parent directory. For example, consider the following directories: D:\Leaders D:\Leaders\Roman D:\Leaders\Roman\Pompey By default, the sandbox settings of the Leaders directory are inherited by the Roman and Pompey directories. If you define sandbox settings for the Roman directory, these settings are inherited by the Pompey directory; the Leaders directory maintains its original settings. This hierarchical arrangement of security permits the rapid configuration of personalized sandboxes for users with different security levels. For example, if you are a web hosting administrator who hosts several clients on a ColdFusion shared server, you can configure a sandbox for each customer. This prevents one customer from accessing the data sources or files of another customer. These are the resources that you can restrict: • Data Sources Data sources connect ColdFusion applications to databases. • CF Tags These ColdFusion tags interact with other components of the server environment, such as the mail server. • CF Functions These ColdFusion functions have read or write access to files. • Files/Dirs Using a parent and child directory model, you restrict permissions based on the path. • IP/Ports You restrict pages in a sandbox from accessing entire IPs, a specific port, or port range with the tags that call third-party resources. About directories and permissions ColdFusion file permissions are based on the Java security model. A dash (-) indicates all files in the present directory and any child directories, including files in any child directories; an asterisk (*) indicates all files in the present directory and a list of child directories, but not files. Consider the following file structure: C:\foo\bar.txt C:\pat\riots\c.txt C:\pat\riots2\d.txt C:\pat\a.txt Using sandbox security 53