About resource security

Resource security lets you secure access to ColdFusion resources based on the ColdFusion page location, by applying a set of access rules to all ColdFusion pages in a directory. The directory or directories to which a set of rules applies is called a sandbox, and resource security is also called sandbox security. The ColdFusion Administrator Security Settings page enables resource security; the Sandbox Security page configures access to resources. Resource security controls access to the following resources:

| Resource | Description |
| --- | --- |
| Data Sources | Enables access to specified data sources. |
| CF Tags | Prevents pages from using CFML tags that access external resources. You can prevent pages in the directory from using any or all of the following tags: cfcollection, cfcontent, cfcookie, cfdirectory, cfexecute, cffile, cfftp, cfgridupdate, cfhttp, cfhttpparam, cfindex, cfinsert, cfinvoke, cfldap, cflog, cfmail, cfobject, cfobjectcache, cfquery, cfregistry, cfschedule, cfsearch, cfstoredproc, cftransaction, cfupdate |
| CF Functions | Prevents pages from using CFML functions that access external resources. You can prevent pages from using any or all of the following functions: CreateObject, DirectoryExists, ExpandPath, FileExists, GetBaseTemplatePath, GetDirectoryFromPath, GetFileFromPath, GetProfileString, GetTempDirectory, GetTemplatePath, SetProfileString |
| Files/Directories | Sets read, write, execute, and delete access to specified directories, directory trees, or files. |
| Server/Ports | Controls access to IP addresses and port numbers. You can specify host names or numeric addresses, and you can specify individual ports and port ranges. |

By default, resource security rules apply to the specified directory and all its subdirectories. If you create a set of rules for a subdirectory of another sandbox, the subdirectory's rules override the parent directory's rules.

Resource security lets you apply different sets of rules to different directory structures. You can use it to partition a shared hosting environment, so that a number of applications with different purposes, and possibly different owners, run securely on a single server. When multiple applications share a host, you set up a separate directory structure for each application, and apply rules that allow each application to access only its own data sources and files.
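
The override rule and per-application partitioning described above can be modelled offline to audit a sandbox layout; this is an added example, not ColdFusion's own code. The sandbox paths and rule sets are constructed sample data, POSIX-style paths are assumed, and "override" is taken to mean that the deepest sandbox replaces its parents' rules rather than merging with them.

```python
import posixpath
from pathlib import PurePosixPath

# Constructed sandbox definitions: directory -> set of disabled tags.
# Paths and rule sets are hypothetical sample data.
SANDBOXES = {
    "/www/hosting": {"cfexecute", "cfregistry", "cfftp"},
    "/www/hosting/app1": {"cfexecute", "cfregistry"},
    "/www/hosting/app1/admin": {"cfregistry"},
}

def effective_sandbox(page, sandboxes=SANDBOXES):
    """Return the deepest sandbox directory containing `page`, or None."""
    # Collapse "." and ".." first so the lookup sees the real location.
    parents = PurePosixPath(posixpath.normpath(page)).parents
    # Match whole path components: /www/hosting/app1 must not
    # capture /www/hosting/app10/index.cfm.
    matches = [d for d in sandboxes if PurePosixPath(d) in parents]
    return max(matches, key=lambda d: len(PurePosixPath(d).parts), default=None)

def disabled_tags(page, sandboxes=SANDBOXES):
    """Tags disabled for `page`. Assumption: the deepest sandbox replaces
    its parents' rules entirely; nothing is merged from above."""
    root = effective_sandbox(page, sandboxes)
    return None if root is None else sandboxes[root]

def loosened_by_override(sandboxes=SANDBOXES):
    """Map each nested sandbox to the tags its parent sandbox disables
    but it does not, i.e. restrictions dropped by the override."""
    report = {}
    for d, tags in sandboxes.items():
        parent = effective_sandbox(d, sandboxes)  # nearest enclosing sandbox
        if parent is not None:
            dropped = sandboxes[parent] - tags
            if dropped:
                report[d] = dropped
    return report
```

Reviewing the output of `loosened_by_override()` before creating a nested sandbox shows which restrictions from the enclosing sandbox would stop applying to pages under the new directory.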

Resource security also lets you structure and partition an application to reflect the access rights that are appropriate to different functional components. For example, if your application has both user functions and administrator functions, you could structure the application as follows:

For more information on configuring resource security, see Administering ColdFusion MX.
