Advanced ColdFusion Administration
Configuring Advanced Security

Implementing Server Sandbox Security

ColdFusion Server Enterprise edition supports server sandbox security for hosted sites. This security feature, controlled by the ColdFusion administrator of a hosted site, offers runtime security based on directory access at a hosted site. See "Securing applications with a security sandbox" to learn about security sandbox concepts.

In order to implement server sandbox security, you must use the ColdFusion Administrator to:

1. Set up the security server. See "Setting Up a Security Server" for more information.
2. Set up user directories to authenticate against an NT domain, an LDAP directory, or an ODBC data source. See "Defining User Directories" for more information.
3. Create a security context for the application. See "Defining a Security Context" for more information.
4. Specify individual resources to protect and set up policies that match secured resources with authorized users and groups. See "Specifying Resources to Protect" for more information.
5. On the ColdFusion Administrator's Advanced Server Security page, select the Use Security Sandbox Settings check box and then click the Security Sandboxes button at the bottom of the page.

   You see the Registered Security Sandboxes page.

6. In the Security Sandbox box, enter a fully qualified path (using forward slashes) for the directory whose contents you want to protect.
7. Select the type of sandbox to create from the Type drop-down:
   • Choosing Operating System protects OS-level resources based on privileges assigned through a Windows NT domain.
   • Choosing Security Context protects ColdFusion resources based on privileges assigned through a security context.
8. Click Add.

   You see the New Sandbox page, with the path you entered in step 6 already in the Location box.

9. Specify a Windows NT Domain or a security context:
   • If you chose Operating System in step 7, enter the NT Domain to authenticate against in the NT Domain box.
   • If you chose Security Context in step 7, select an existing security context from the Security Context drop-down.
10. Enter the username and password for the user whose privileges you want applied to the sandbox. This user must be a member of the security context or NT Domain you selected in step 9.
11. Click Apply to register the sandbox.

Now any ColdFusion user who tries to access the resources in the new sandbox will have the same rights to those resources as the user you specified in step 10.

Copyright © 2001, Macromedia Inc. All rights reserved.

---