This area is where we can secure and sandbox code in ColdFusion based on the location of the requested template. This feature is used to restrict applications from operating outside of their predefined space (sandbox). It is common to have several applications using the same server in large organizations or in a multi-host scenario. Sandboxing can be the best way to secure each project’s code base.

We recommend that ColdFusion Sandbox Security is enabled and sensitive tags such as <cfexecute> and <cfregistry> be disabled by default.  Sandbox Security is not enabled by default.

Tip: Be sure to review our ColdFusion security recommendations to help secure your server.

ColdFusion Administrator Sandbox Security.

Next, we will disable two tags to prevent their use: <cfexecute> and <cfregistry>. It is a best practice to disable all tags not used within each sandbox directory. We recommend searching your codebase for each sandbox and disabling any tags or functions that are not needed.

In addition, it is recommended that you restrict each sandbox to only the data sources required.

ColdFusion Administrator User