Securing Resources With Rds Security; Securing Applications With A Security Sandbox - MACROMEDIA COLDFUSION 5-ADVANCED ADMINISTRATION Manual

Advanced Security Implementations

Securing resources with RDS security

Remote Development Services (RDS) provides a secure connection from ColdFusion
Studio to the ColdFusion Server environment and is a prerequisite to accessing data
sources, using server-based browsing, and running the interactive debugger.
ColdFusion RDS security provides security services in a team-oriented ColdFusion
development environment where groups of developers, working in ColdFusion
Studio, require different levels of access to ColdFusion files and data sources. RDS
security is a valuable tool both for companies with multiple or geographically
dispersed development groups and for ISPs that host ColdFusion development
environments.
Developers working in ColdFusion Studio, access these ColdFusion resources
remotely, by opening CFM files or accessing data sources. RDS security authenticates
users and grants them access only to the resources assigned to them by a security
context. Advanced security authenticates each user against the NT domain server,
ODBC data source, or LDAP directory specified in the ColdFusion Administrator as
part of a security context
For example, suppose you're a ColdFusion Server administrator at a medium-sized
development company where two development groups, the Pi team and the Gamma
team, are simultaneously developing separate ColdFusion Web applications. You
want to limit the Pi team's access from ColdFusion Studio; they should only be able to
access the data source pi_dsn and the files in the directory c:\development\pi.
The Gamma team should only be able to access the data source gamma_dsn and the
files in the c:\development\gamma directory. You'd use RDS security to create two
different security contexts, one for the Pi team and another for the Gamma team.

Securing applications with a security sandbox

A security sandbox is similar to RDS security—it limits access to resources. The main
difference is that while RDS security secures resources accessed by ColdFusion
Studio developers, a security sandbox secures resources accessed by ColdFusion
applications at runtime. A sandbox provides exactly what its name implies: A
restricted area—an entire directory tree—where the same level of access is enforced
for all users.
ColdFusion offers two types of security sandbox protection:
Security sandboxes are most useful to ISPs that host ColdFusion applications and
development. An ISP can use sandboxes to partition application pages into
individually secure areas. For example, suppose an ISP hosts two different domains,
PetesApps.com and FoleysApps.com, on the same server. The owners of each
domain submit their own custom tags and data sources to the ISP. In turn, the ISP
gives each domain's applications exclusive access to that domain's tags and data
sources. This ensures that a company's resources remain secure, and are not
You can apply the access privileges of a member of any ColdFusion security
context to an entire directory tree.
You can apply the access privileges of a member of a Windows NT Domain to an
entire directory tree.
85