Using Sandbox Security; About Directories And Permissions - Adobe 38000827 - Macromedia ColdFusion MX Standard Edition Administration Manual

Using sandbox security

Sandbox security uses the location of your ColdFusion pages to control access to
ColdFusion resources. A sandbox is a designated directory of your site to which you
apply security restrictions. By default, a subdirectory (or child directory) inherits the
sandbox settings of the directory one level above it (the parent directory). If you define
sandbox settings for a subdirectory, you override the sandbox settings inherited from the
parent directory. For example, consider the following directories:
D:\Leaders
D:\Leaders\Roman
D:\Leaders\Roman\Pompey
By default, the sandbox settings of the Leaders directory are inherited by the Roman and
Pompey directories. If you define sandbox settings for the Roman directory, these settings
are inherited by the Pompey directory; the Leaders directory maintains its original
settings.
This hierarchical arrangement of security permits the rapid configuration of personalized
sandboxes for users with different security levels. For example, if you are a web hosting
administrator who hosts several clients on a ColdFusion shared server, you can configure
a sandbox for each customer. This prevents one customer from accessing the data sources
or files of another customer.
These are the resources that you can restrict:
Data Sources
CF Tags
environment, such as the mail server.
CF Functions
Files/Dirs
on the path.
IP/Ports
port range with the tags that call third-party resources.

About directories and permissions

ColdFusion file permissions are based on the Java security model. A dash (-) indicates all
files in the present directory and any child directories, including files in any child
directories; an asterisk (*) indicates all files in the present directory and a list of child
directories, but not files.
Consider the following file structure:
C:\foo\bar.txt
C:\pat\riots\c.txt
C:\pat\riots2\d.txt
C:\pat\a.txt
Data sources connect ColdFusion applications to databases.
These ColdFusion tags interact with other components of the server
These ColdFusion functions have read or write access to files.
Using a parent and child directory model, you restrict permissions based
You restrict pages in a sandbox from accessing entire IPs, a specific port, or
Using sandbox security 53