Tuesday, March 6, 2012

New way to add Sandbox permissions for Users with RDS access

Adding users for Administrator & RDS access was a very nice enhancement in ColdFusion 8. With this, Root Administrator can create multiple users with different Roles.


Need of having multiple users is self explanatory. A user can be added to Administrator and given access based on role. Remote Development Services (RDS) access should be granted if a user needs to connect to ColdFusion Builder, Dreamweaver etc.


Till ColdFusion 9.0.1 it was possible to allow access to certain Sandboxes to these users.


However it is changed in ColdFusion 10. There is no need for allowing access to Sandboxes. Instead when RDS access is enabled for a user,access to data sources and files/directories should be given. Else the user will be able to access full drive using RDS. Because these are required for RDS, one can't add/modify/delete these settings if RDS access is disabled for the user.


Adding a user in Administrator -


First To enable support for multiple users,we need to select "Separate user name and password authentication (allows multiple users)" option from Security -> Administrator
(see Figure 1).


Figure 1




It is a security recommendation as well, to keep this option selected even when there are no users defined.


To create a new user, go to Security -> User Manager and click Add User. Fill the form (see Figure 2, Figure 3).Giving a strong password is a good practice.


Figure 2




Figure 3




Notice there is no section for adding access to User Sandboxes. Instead there are two new sections :-


"Sandboxes: Data Source Permissions", and
"Sandboxes: Add / Edit Secured Files and Directories" (See Figure 3).
Appropriate access should be granted for data sources and files/Directories.


Related Entries:
How to Secure ColdFusion Session Cookies with CF 10
New Improved CFLogin
Improved Session Management in ColdFusion 10
ColdFusion 10 Hot-Fix Installer
ColdFusion 10 Secure Profile

2 comments:

  1. Very nice feature set. Can you please allow periods in the user name? The Federal Gov uses firstname.lastname for everything and this breaks that pattern.

    ReplyDelete
  2. Hi Stephen,

    Thanks a lot. Can you please log an ER for this at https://bugbase.adobe.com

    Regards,
    Shilpi

    ReplyDelete

You can subscribe to the comments by licking on "Subscribe by email".