Security > Sandbox Security
Configure sandbox security to protect your ColdFusion server
Sandbox Security allows securing and restricting code based on template location. This is useful for multi-application server environments and is recommended to be enabled. Note that Sandbox Security is not enabled by default.
Overview
Sandbox Security helps prevent applications from operating outside their predefined spaces by restricting file system access, tag usage, and data source connections. This feature is particularly valuable in multi-host and multi-application server environments where different applications need to be isolated from each other for security purposes.
Key Recommendations
- Disable sensitive tags like <cfexecute> and <cfregistry>
- Restrict each sandbox to only required data sources
- Disable tags/functions not needed in each sandbox directory
Practical Tips
- Review ColdFusion security recommendations
- Carefully audit and restrict tag/function access
- Implement least-privilege access principles
Additional Help
Stuck?
Convective offers ColdFusion support services and can help with comprehensive security configuration. Find out more.