Can RDS be configured so that the ColdFusion server restricts file system
access to certain directories? Right now with RDS configured, anyone with
access can actually browse all the drives on the server and that is not good.
I would like to restrict all RDS users to just the web root directory. Thanks
in advance!

Are you on CF 10, or earlier? There is a change in 10 that no longer requires creation of sandboxes to restrict dirs in RDS (see http://blogs.coldfusion.com/post.cfm/new-way-to-add-sandbox-permissions-for-users-with-rds-access).
Prior to that, it does require sandboxes, and then you’d use the multiple user feature of the CF Admin to define different users (for the admin and/or RDS) and allocate them to a sandbox. Things do vary also depending on whether you’re using CF Standard or Enterprise/Trial/Developer edition.
For more (besides the docs, such as the Config and Admin manual), see these articles I’ve done in the Adobe Dev Center:
Enabling multiple user access to the ColdFusion Administrator and RDS
http://www.carehart.org/articles/#2009_1
The following are much older (2002) but most still applies:
ColdFusion Security, Part One: Understanding Sandbox/Resource Security
http://www.carehart.org/articles/#2002_11
ColdFusion Security, Part Two: Sandbox/Resource Basics
http://www.carehart.org/articles/#2002_10
/charlie arehart
Providing fast, remote, on-demand troubleshooting services for CF (and CFBuilder)
More at http://www.carehart.org/consulting
See also http://www.cf911.com for more on CF troubleshooting resources

Thank you so much for replying so fast! I am using ColdFusion 10 and I indeed created a user
under User Manager and even specified just one directory for access under the Sandbox secured
files and directories. The problem is that I don't see it doing anything. I restarted my ColdFusion
Builder 2 and I'm still able to see the C:\ drive and access all the system areas of the server. I
hope I'm missing something here....

So to be clear, you are saying you see the C drive when viewing things in the RDS FileView view (window>show view)?
And are you configuring the server properties (from the server, as listed in the Servers view, right-clicking and choosing “edit server”) to specify the indicated username and password as the server’s Other Settings>RDS Username?
/charlie

Thank you again for your reply! I missed something pretty "big" I didn't realize. In order for User Manager to perform sandbox controls you must first have SandBox Security enabled. I totally missed that one as I was more focused on RDS than actual application Sandboxing. Now that I have enabled it everything works as described. Thank you again!