Update: ColdFusion Sandbox Security on Windows

Allaire reports that when ColdFusion Advanced Security Sandbox is configured, processes created with do not inherit the Sandbox security context. Instead executes with the security context of the ColdFusion Service. This is the "System" account by default.

"Web Hosting providers, particularly, are advised to disable the tag if they rely on Sandbox Security to restrict users' access based on Windows NT Domain accounts."

Affected Software Versions:

ColdFusion 4.5 Enterprise Edition on Windows, ColdFusion 5 Enterprise Edition on Windows Read about it at http://www.allaire.com/Handlers/index.cfm?ID=22237

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about AllaireSandbox Security

Show Comments