ColdFusion provides two levels of resource-based security:
The ColdFusion Administrator Resource Security page (in Standard) and Sandbox Security page (in Enterprise) let you enable resource-based security. In ColdFusion Standard, the page lets you configure the resource settings that apply to all your ColdFusion applications. In ColdFusion Enterprise, the page lets you create sandboxes and configure the resource limitations for each sandbox individually.
ColdFusion lets you control access to the following resources:
Resource |
Description |
---|---|
Data sources |
Enables access to specified data sources. |
CF tags |
Prevents pages from using CFML tags that access external resources. You can prevent pages in the directory from using any or all of the following tags: cfcollection, cfcontent, cfcookie, cfdirectory, cfdocument, cfexecute, cffile, cfftp, cfgridupdate, cfhttp, cfhttpparam, cfindex, cfinsert, cfinvoke, cfldap, cflog, cfmail, cfobject, cfobjectcache, cfpop, cfquery, cfregistry, cfreport, cfschedule, cfsearch, cfstoredproc, cftransaction, cfupdate |
CF functions |
Prevents pages from using CFML functions that access external resources. You can prevent pages from using any or all of the following functions: CreateObject (COM, Java, Web Service), DirectoryExists. ExpandPath, FileExists, GetBaseTemplatePath, GetDirectoryFromPath, GetFileFromPath, GetGatewayHelper, GetProfileString, GetTempDirectory, GetTempFile, GetTemplatePath, SendGatewayMessage, SetProfileString |
Files/directories |
Sets read, write, execute, and delete access to specified directories, directory trees, or files. |
Server/ports |
Controls access from ColdFusion to IP addresses and port numbers. You can specify host names or numeric addresses, and you can specify individual ports and port ranges. |
In ColdFusion Enterprise, sandbox security lets you apply different sets of rules to different directory structures. You can use it to partition a shared hosting environment so that a number of applications with different purposes, and possibly different owners, run securely on a single server. When multiple applications share a host, you set up a separate directory structure for each application, and apply rules that let each application access only its own data sources and files.
Sandbox security also lets you structure and partition an application to reflect the access rights that are appropriate to different functional components. For example, if your application has both employee inquiry functions and HR functions that include creating, accessing, and modifying sensitive data, you could structure the application as follows: