ColdFusion's sandbox security applies directory-based restrictions to limit application access to ColdFusion resources: data sources, tags, functions, and so on. Use sandboxes to partition the shared-host environment into separate directory hierarchies that allow multiple applications to run securely on a single-server platform. Create a separate directory for each application. Then, apply rules that restrict access to the application's own files and data sources. When enabled, ColdFusion automatically creates sandboxes for the CFIDE and WEB-INF directories. This ensures the security of internal system-level templates, including the ColdFusion Administrator. After installation, administrators of shared-hosted environments should immediately create a ROOT sandbox similar to the one shown in Figure 10.3. The following configuration removes all resource privileges on the server:
Figure 10.3. Create sandboxes for the root directories on all drives/partitions.

Disabling access to all data sources, tags, and functions on the root or system drive completely protects this drive from ColdFusion. Removing all path names from the Secured Files and Directories list prohibits ColdFusion templates from accessing all files, directories, and subdirectories (and any files therein) on the server. The combination of removing access to the Internet Protocol tags (such as <cfhttp>, <cfftp>, <cfmail>, etc.) and restricting access to the loopback address prevents templates from accessing third-party servers.
Chapter 9, "Creating Server Sandboxes," explains how to implement ColdFusion sandbox security.
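Once the ROOT sandbox is configured, the administrator should confirm that it actually denies what the text says it denies. The following template is an added example, not code from the book, that probes the three resource classes described above (file access outside the sandbox, an Internet Protocol tag reaching a non-loopback host, and a data source) and records whether each call was blocked by a sandbox security exception. The file path, host name, and data source name are placeholders chosen for this example; run it from a template inside the sandboxed directory.

```cfml
<!--- Added example (not from the book): verify that the current sandbox
      denies file, network, and data-source access as intended.
      All target names below are placeholders, not real resources. --->
<cfset results = structNew()>

<!--- 1. File read outside the sandbox directory (placeholder path) --->
<cftry>
    <cffile action="read"
            file="C:\sandbox-probe-placeholder.txt"
            variable="fileContents">
    <cfset results["file_outside_sandbox"] = "ALLOWED">
    <cfcatch type="security">
        <!--- The sandbox blocked the call before any file I/O took place --->
        <cfset results["file_outside_sandbox"] = "DENIED">
    </cfcatch>
    <cfcatch type="any">
        <!--- A non-security error (e.g. file not found) means the sandbox
              did NOT block the call, so treat it as allowed --->
        <cfset results["file_outside_sandbox"] = "ALLOWED (non-security error: #cfcatch.message#)">
    </cfcatch>
</cftry>

<!--- 2. Internet Protocol tag to a non-loopback host (placeholder host) --->
<cftry>
    <cfhttp url="http://example-probe-host.invalid/" method="get"
            timeout="5" result="httpResult">
    <cfset results["cfhttp_external"] = "ALLOWED">
    <cfcatch type="security">
        <cfset results["cfhttp_external"] = "DENIED">
    </cfcatch>
    <cfcatch type="any">
        <cfset results["cfhttp_external"] = "ALLOWED (non-security error: #cfcatch.message#)">
    </cfcatch>
</cftry>

<!--- 3. Data source access (placeholder data source name) --->
<cftry>
    <cfquery name="probeQuery" datasource="placeholderDSN">
        SELECT 1 AS probe
    </cfquery>
    <cfset results["datasource"] = "ALLOWED">
    <cfcatch type="security">
        <cfset results["datasource"] = "DENIED">
    </cfcatch>
    <cfcatch type="any">
        <cfset results["datasource"] = "ALLOWED (non-security error: #cfcatch.message#)">
    </cfcatch>
</cftry>

<!--- Report: every row should read DENIED under a fully locked ROOT sandbox --->
<cfoutput>
<table border="1">
    <tr><th>Resource</th><th>Sandbox result</th></tr>
    <cfloop collection="#results#" item="key">
        <tr><td>#key#</td><td>#results[key]#</td></tr>
    </cfloop>
</table>
</cfoutput>
```

The distinction between the `security` catch and the `any` catch is the point of the check: a "file not found" or "connection refused" error proves that ColdFusion reached the resource layer, which means the sandbox rule for that resource is missing or too permissive. Only a `security` exception demonstrates that the sandbox itself intervened.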