Developing ColdFusion MX Applications with CFML
Securing Applications

About resource security

Resource security lets you secure access to ColdFusion resources based on the ColdFusion page location, by applying a set of access rules to all ColdFusion pages in a directory. The directory or directories to which a set of rules apply is called a sandbox, and resource security is also called sandbox security. The ColdFusion Administrator Security Settings page enables resource security; the Sandbox Security page configures access to resources. Resource security controls access to the following resources:

Resource	Description
Data Sources	Enables access to specified data sources.
CF Tags	Prevents pages from using CFML tags that access external resources. You can prevent pages in the directory from using any or all of the following tags: cfcollection, cfcontent, cfcookie, cfdirectory, cfexecute, cffile, cfftp, cfgridupdate, cfhttp, cfhttpparam, cfindex, cfinsert, cfinvoke, cfldap, cflog, cfmail, cfobject, cfobjectcache, cfquery, cfregistry, cfschedule, cfsearch, cfstoredproc, cftransaction, cfupdate
CF Functions	Prevents pages from using CFML functions that access external resources. You can prevent pages from using any or all of the following functions: CreateObject, DirectoryExists. ExpandPath, FileExists, GetBaseTemplatePath, GetDirectoryFromPath, GetFileFromPath, GetProfileString, GetTempDirectory, GetTemplatePath, SetProfileString
Files/Directories	Sets read, write, execute, and delete access to specified directories, directory trees, or files.
Server/Ports	Controls access to IP addresses and port numbers. You can specify host names or numeric addresses, and you can specify individual ports and port ranges.

By default, resource security rules apply to the specified directory and all its subdirectories. If you create a set of rules for a subdirectory of another sandbox, the subdirectory's rules override the parent directory's rules.

Resource security lets you apply different sets of rules to different directory structures. You can use it to partition a shared hosting environment, so that a number of applications with different purposes, and possibly different owners, run securely on a single server. When multiple applications share a host, you set up a separate directory structure for each application, and apply rules that allow each application to access only its own data sources and files.

Resource security also lets you to structure and partition an application to reflect the access rights that are appropriate to different functional components. For example, if your application has both user functions and administrator functions, you could structure the application as follows:

• Administrator pages go in one directory with access rules that enable most activities.
• User pages go in another directory whose rules limit the files they can modify and the tags they can use.
• Pages required for both administrative and user functions go in a third directory with appropriate access rules.

For more information on configuring resource security, see Administering ColdFusion MX.

Copyright © 2002, Macromedia Inc. All rights reserved.

Comments