Developer Center Article

ColdFusion Security, part two:
Setting up sandbox/resource security


Joel Martinez

Charlie Arehart
www.systemanage.com

Table of Contents

  1. Enabling sandbox/resource security
  2. Testing sandbox security
  3. Restricting other resources
  4. More resources

Macromedia ColdFusion MX sandbox/resource security is a powerful and important new feature that many developers and administrators may not know much about but all should fully understand. It's really quite easy to grasp and much simpler than implementing security in previous releases. If you've not explored the feature (or are only familiar with advanced security as it was implemented in ColdFusion versions 4 and 5), you should begin with Part One of this two-part series, "Understanding sandbox/resource security."

In this article, I explain how to set up sandbox/resource security, including establishing resource access control for some or all ColdFusion applications. As simple as it is to use, there are a few aspects to consider that might not be obvious at first.

Read Part One to understand the importance of using sandbox/resource security. The article explains how you can use sandbox/resource security to control access to resources in terms of what data sources, files and directories, and external servers/ports can be accessed by ColdFusion tags and functions. You can also limit execution of dozens of potentially misused ColdFusion tags and functions themselves.

Part One explains the differences between resource/sandbox security in ColdFusion MX and "basic security" and "advanced security" in ColdFusion 5 and earlier. It also compares sandbox security (available in ColdFusion Enterprise Edition) with resource security (available in ColdFusion Professional Edition). Briefly, the main difference between the two is that resource security creates only a single definition of resource restrictions that applies to all templates on the ColdFusion server, whereas sandbox security allows creation of separate definitions, each applying to all code in a given directory and its subdirectories on the server (these directories are called "sandboxes"). The latter is especially useful for hosted servers or organizational intranets running multiple unrelated ColdFusion applications.

In this article I walk you through the process of enabling and setting up sandbox/resource security in both Professional and Enterprise editions.


About the author

Charlie Arehart is the founder and CTO of SysteManage, based in Laurel, Maryland. A Macromedia certified advanced developer and instructor, Charlie is also a member of Team Macromedia who has logged more than 5 years with ColdFusion and more than 20 years in IT. His monthly "Journeyman" column appears in ColdFusion Developer's Journal, where he's a technical editor. He is a regular speaker at developer conferences, seminars, and user group meetings worldwide, and also provides training and short-term consulting. You can reach him at carehart@systemanage.com.