Securing The Coldfusion Administrator - MACROMEDIA COLDFUSION 5-ADVANCED ADMINISTRATION Manual

86
accessed or altered by another company's applications. It also ensures that no
applications can tamper with system resources.
The access permissions you assign to a directory tree through a security sandbox
override any other access permissions users might have for the tree. For example,
suppose you designate the directory
sandbox. You configure the sandbox so that nobody could write to any of the Human
Resources department data sources via an application running from
applications/hr_app
write permissions to the HR data sources in all other contexts, would be unable to
write to those sources via an application run from this sandbox.
Note
The security sandbox feature is only available in the Enterprise edition of ColdFusion
Server.

Securing the ColdFusion Administrator

If you've already read earlier chapters of Administering ColdFusion Server, you know
that the ColdFusion Administrator is a browser-based interface that lets you perform
administrative tasks like managing server performance, adding and configuring
ColdFusion data sources, scheduling pages, and managing log files. For any
ColdFusion development project, some level of administration is generally necessary
to set up ColdFusion Server for your application. In some cases, it's feasible for a
single person to perform all the necessary administrative tasks. Many times, though,
you'll want to be able to delegate some ColdFusion management tasks.
With ColdFusion Server, you can decentralize administrative responsibility by
creating multiple administrators. Overall security is maintained because these
additional administrators can control only the resources and policies for which
you've given them explicit responsibility. You can assign the following types of
administrative access to any user:
The ColdFusion decentralized administration model provides two important
benefits:
. Even the Vice President of HR, who would typically have
Administrator Provides complete read and write access to all ColdFusion
Administrator pages.
Privileged Provides read and write access to all the ColdFusion pages except the
Basic and Advanced Security pages; Privileged users have no access at all to the
security pages.
Restricted Provides read and write access only to the Datasources
Administrator pages, the Verify Data Source page, and the Verity Collections
page; Restricted users have no access to any other ColdFusion Administrator
pages. You can configure Restricted access so that a user only has access to
specified data sources
It helps your teams streamline the development process and work together more
efficiently.
It lightens the administrator's load without sacrificing his control over the system.
Chapter 5 Configuring Advanced Security
c:/applications/hr_app
as a security
c:/