About security sandboxes

Available in the Enterprise Edition of ColdFusion, a security sandbox secures resources accessed by ColdFusion applications at runtime. A sandbox provides exactly what its name implies: a restricted area (in this case a directory) where all users have the same level of access.

 

ColdFusion offers two types of security sandbox protection:

 

Security sandboxes are most useful to ISPs that host ColdFusion applications and development. An ISP can use sandboxes to partition application pages into individually secure areas.

 

For example, suppose an ISP hosts two different domains on the same server: PetesApps.com and FoleysApps.com. The owners of each domain can submit their own custom tags and data sources to the ISP. In turn, the ISP gives each domain's applications exclusive access to that domain's tags and data sources. This ensures that a company's resources remain secure, and are not accessed or altered by another company's applications. It also ensures that no applications can tamper with system resources.

 

The access permissions you assign to a directory tree through a security sandbox override any access permissions users have for the tree. For example, suppose you designate the directory c:/applications/hr_app as a security sandbox. You configure the sandbox so that nobody can write to any of the Human Resources department data sources via an application running from c:/applications/hr_app. Even the Vice President of Human Resources, who would have write permissions to the HR data sources in all other contexts, would be unable to write to those sources via an application run from this sandbox.

 

Note: If both user security and server sandbox security are enabled, sandbox security takes precedence.
