Using Server Sandbox Security


ColdFusion Server Enterprise edition supports server Sandbox security for hosted sites. A security Sandbox lets you limit access to resources at runtime. Its security mechanism is based on access to directories, and it enforces the same level of access for all the users of a group. If both application security and server Sandbox security are enabled, server Sandbox security takes precedence.

Sandbox works by associating specific security contexts with specific directories. ISPs can use the Sandbox mechanism to partition application pages into separate secure areas. For example, an ISP lets its vendors create their own Web sites on its Web server. Suppose the ISP hosts two different domains on the same ColdFusion Web server. The users of each domain submit their applications and data sources, and they have exclusive access to the tags and data sources of that domain. Other vendors cannot access them. Because each directory is tied to its own security context, the same Web server carries several security contexts, each with a different set of policies.

At the next level, in each vendor's domain, there may be different sets of developers. Each developer or set of developers may be given limited access, restricted to the resources they are permitted to use in that context. They cannot access resources that the Sandbox doesn't authorize. The access permissions you assign to a directory tree by using a Sandbox take precedence over any other access permissions users might have for the tree.

Sandbox security uses the location of your ColdFusion pages to control access to ColdFusion resources. It follows the directory tree: a subdirectory inherits the Sandbox settings of the directory one level above it. If you define Sandbox settings in a subdirectory, those settings override the ones inherited from the parent directory.
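The inheritance and override rule described above can be modeled as a nearest-ancestor lookup. The following Python sketch is an added example, not ColdFusion code or code from the book; it assumes a defined Sandbox replaces the inherited one wholesale, and the directory, Sandbox, and data source names are constructed for illustration.

```python
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class Sandbox:
    name: str
    disabled_datasources: frozenset = frozenset()
    disabled_tags: frozenset = frozenset()
    disabled_functions: frozenset = frozenset()

# Constructed sample configuration: directory -> Sandbox (all names hypothetical).
SANDBOXES = {
    "/": Sandbox("root"),
    "/sites/vendor_a": Sandbox(
        "vendor_a", frozenset({"vendor_b_dsn"}),
        frozenset({"CFREGISTRY", "CFEXECUTE"})),
    "/sites/vendor_a/public": Sandbox(
        "vendor_a_public", frozenset({"vendor_a_dsn", "vendor_b_dsn"}),
        frozenset({"CFREGISTRY", "CFEXECUTE", "CFFILE"})),
    "/sites/vendor_b": Sandbox(
        "vendor_b", frozenset({"vendor_a_dsn"}),
        frozenset({"CFREGISTRY", "CFEXECUTE"})),
}

def effective_sandbox(page_path, sandboxes=SANDBOXES):
    """Return (directory, Sandbox) for the nearest ancestor that defines one."""
    # Normalise first so "a/../b" is judged by the directory it really points to.
    full = posixpath.normpath("/" + page_path.lstrip("/"))
    directory = posixpath.dirname(full)
    while True:
        # Whole-directory match: "/sites/vendor_ab" never matches "/sites/vendor_a".
        if directory in sandboxes:
            return directory, sandboxes[directory]
        if directory == "/":
            raise LookupError("no root Sandbox defined")
        directory = posixpath.dirname(directory)

def is_allowed(page_path, kind, name, sandboxes=SANDBOXES):
    """Default allow, as in the Administrator: only listed items are disabled."""
    _, sb = effective_sandbox(page_path, sandboxes)
    disabled = {"datasource": sb.disabled_datasources,
                "tag": sb.disabled_tags,
                "function": sb.disabled_functions}[kind]
    # Tag names are compared upper-cased; data source names are compared as given.
    key = name.upper() if kind == "tag" else name
    return key not in disabled
```

Running a page inventory through effective_sandbox shows which directories fall back to the root Sandbox because no closer one was defined, which is the usual gap when a new vendor directory is created without its own Sandbox.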

Implementing Sandbox Security

The ColdFusion server enforces Sandbox security. It uses the path location established for the security Sandbox in the ColdFusion Administrator. The steps to implement Sandbox security are as follows:

  1. Set up the security server. Set up user directories to authenticate against an NT domain, an LDAP directory, or an ODBC data source.

  2. Create a security context for the application by specifying resources to protect. Set up policies that match secured resources with the authorized users and groups.

  3. Enter the full path for the directory whose contents you want to protect.

  4. Select the type of Sandbox to create. Select the security context.

To edit security permissions for data sources, CF tags, and CF functions, perform the following steps:

  1. Select the directory to edit in the list of Defined Directory Permissions on the Sandbox Security page. Click the Edit icon for the directory that you want to edit.

  2. Disable a data source by highlighting the data source in the left column of the Data Sources tab and clicking the right arrow. By default, ColdFusion pages in the Sandbox can access all data sources. The ALL DATASOURCES option includes future data sources and those not specified as enabled or disabled.

  3. Disable a tag. By default, ColdFusion pages in the Sandbox can access all listed tags. Click the CF Tags tab. To disable tags, highlight the tags in the left column and click the right arrow.

  4. Disable a function. By default, ColdFusion pages in the Sandbox can access all listed functions. Click the CF Functions tab. To disable functions, highlight the functions in the left column and click the right arrow.

Adding a Sandbox

The default Sandbox for ColdFusion MX Server is the root security context. If you don't require additional Sandboxes, you can configure the default Sandbox, and the subdirectories will inherit its security settings. If you have more complicated requirements, you can add a Sandbox. The sequence of tasks for adding a Sandbox is as follows:

  1. Start Administrator and open the Security Sandbox page.

  2. Select Root context. Root Security Context appears in the list of defined directory permissions.

  3. In the Add Security Sandbox box, enter the name of the new Sandbox. This name can be a relative URL.

  4. Select New Sandbox from the drop-down list to create a Sandbox based on the default Sandbox. You can also select an existing Sandbox to copy the settings.

  5. Click Add to include the Sandbox. The new Sandbox appears in the list of defined directory permissions.




Macromedia ColdFusion MX. Professional Projects
ISBN: 1592000126
EAN: 2147483647
Year: 2002
Pages: 200
