Macromedia colfusion mx 7 Manuel
Using sandbox security
89
Configuring a sandbox
Before you begin security sandbox configuration, analyze your application and its usage to
determine the tags, functions, and resources that it requires. You can then configure the sandbox
to enable access to the required resources and disable use of the appropriate tags and functions.
For example, if the applications in the sandbox do not use the
determine the tags, functions, and resources that it requires. You can then configure the sandbox
to enable access to the required resources and disable use of the appropriate tags and functions.
For example, if the applications in the sandbox do not use the
cfregistry
tag, you can safely
disable it.
Note: In the Standard Edition, the Root Security Context is the only sandbox. There is no initial list of
defined directory permissions.
defined directory permissions.
To configure a sandbox:
1.
Open the Security > Sandbox Security page (Security > Resource Security page in the Standard
Edition) in the ColdFusion MX Administrator.
Edition) in the ColdFusion MX Administrator.
2.
(Enterprise Edition only) In the list of Defined Directory Permissions, click the name or Edit
icon for the directory.
icon for the directory.
A page with several tabs appears. This is the initial page in the Standard Edition. The
remaining steps describe the use of each tab.
remaining steps describe the use of each tab.
3.
To disable a data source, in the left column of the Datasources tab, highlight the data source,
and click the right arrow.
and click the right arrow.
By default, ColdFusion pages in this sandbox can access all data sources.
Note: If <<ALL DATASOURCES>> is in the Enabled Datasources column, any data source that you
add is enabled. If you move <<ALL DATASOURCES>> to the Disabled Datasources column, any
new data source is disabled.
add is enabled. If you move <<ALL DATASOURCES>> to the Disabled Datasources column, any
new data source is disabled.
4.
Click the CFTags tab.
5.
To disable tags, in the left column of the CFTags tab, highlight the tags, and click the right
arrow.
arrow.
By default, ColdFusion pages in this sandbox can access all listed tags.
6.
Click the CFFunctions tab.
7.
To disable functions, in the left column of the CFFunctions tab, highlight the functions, and
click the right arrow.
click the right arrow.
By default, ColdFusion pages in this sandbox can access all listed functions.
8.
Click the Files/Dirs tab.
9.
To enable files or directories, in the File Path box, enter or browse to the files or directories; for
example, C:\pix. A file path that consists of the special token <<ALL FILES>> matches any file.
For information on using the backslash-hyphen (\-) and backslash-asterisk (\*) wildcard
characters, see
example, C:\pix. A file path that consists of the special token <<ALL FILES>> matches any file.
For information on using the backslash-hyphen (\-) and backslash-asterisk (\*) wildcard
characters, see
10.
Select the permissions.
For example, select the Read check box to let ColdFusion pages in the mytestapps sandbox
read files in the C:\pix directory.
read files in the C:\pix directory.
11.
Click Add Files/Paths. When you edit an existing sandbox, this button reads Edit Files/Paths.
The file path and its permissions appear in the Secured Files and Directories list.