Securing Resources With Rds Security; Securing Applications With A Security Sandbox - MACROMEDIA COLDFUSION 4.5-ADMINISTRING COLDFUSION SERVER Manual

Chapter 10: Configuring Advanced Security

Securing Resources with RDS Security

Remote Development Services (RDS) provides a secure connection from ColdFusion
Studio to the ColdFusion Server environment and is a prerequisite to accessing data
sources, using server-based browsing, and running the interactive debugger.
ColdFusion RDS security provides security services in a team-oriented ColdFusion
development environment where groups of developers, working in ColdFusion Studio,
require different levels of access to ColdFusion files and data sources. RDS security is a
valuable tool both for companies with multiple or geographically dispersed
development groups and for ISPs that host ColdFusion development environments.
Developers working in ColdFusion Studio, access these ColdFusion resources
remotely, by opening CFM files or accessing data sources. RDS security authenticates
users and grants them access only to the resources assigned to them by a security
context. Advanced security authenticates each user against the NT domain server,
ODBC data source, or LDAP directory specified in the ColdFusion Administrator as
part of a security context
For example, suppose you're a ColdFusion Server administrator at a medium-sized
development company where two development groups, the Pi team and the Gamma
team, are simultaneously developing separate ColdFusion Web applications. You want
to limit the Pi team's access from ColdFusion Studio; they should only be able to access
the data source pi_dsn and the files in the directory c:\development\pi. The
Gamma team should only be able to access the data source gamma_dsn and the files in
the c:\development\gamma directory. You'd use RDS security to create two different
security contexts, one for the Pi team and another for the Gamma team.

Securing Applications with a Security Sandbox

A security sandbox is similar to RDS security - it limits access to resources. The main
difference is that while RDS security secures resources accessed by ColdFusion Studio
developers, a security sandbox secures resources accessed by ColdFusion applications
at runtime. A sandbox provides exactly what its name implies: A restricted area — an
entire directory tree, actually — where the same level of access is enforced for all users.
ColdFusion offers two types of security sandbox protection:
You can apply the access privileges of a member of any ColdFusion security
context to an entire directory tree.
You can apply the access privileges of a member of a Windows NT Domain to
an entire directory tree.
Security sandboxes are most useful to ISPs that host ColdFusion applications and
development. An ISP can use sandboxes to partition application pages into
individually secure areas. For example, suppose an ISP hosts two different domains,
PetesApps.com and FoleysApps.com, on the same server. The owners of each domain
submit their own custom tags and data sources to the ISP . In turn, the ISP gives each
domain's applications exclusive access to that domain's tags and data sources. This
ensures that a company's resources remain secure, and are not accessed or altered by
295