http://livedocs.adobe.com/ Macromedia LiveDocs - online documentation with user feedback. Copyright 2009, Macromedia, Inc. 2009-11-25T17:48:36 en-us http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/appSecurity3.htm#623 As follow-up to my previous comments, I have now been able to confirm how things look and work in Pro. I applied a Pro serial number to a trial/developer edition and observed the following which affects both my comments and info on this page.<br><br>1) By changing to Pro, I observed that the name of the page for setting Resource Security does indeed change (in the nav bar) from Sandbox Security to Resource Security.<br><br>2) Further, in Pro, when one selects that page, there is no "root security context" displayed. Instead, one is dropped right into the equivalent of Sandbox's "Security Permissions" page, with the display of the tabs for controlling Datasources, Tag and Functions, etc.<br><br>So in Pro there's no display (naturally) of the "Add Security Sandbox" pane nor even the "Defined Directory Permissions" pane. Instead, one is dropped right into setting up the resource controls for the entire server. Simple and appropriate, but not clarified at all in these docs.<br><br>Indeed, it would be helpful for this page to show both what the page looks like in Enterprise and in Pro, to save people the confusion.<br><br>3) Continuing the refinement of the current phrase above, "If you have the Standard Edition of ColdFusion MX, you can configure the root security sandbox.", besides changing Standard to Professional, the reference to "root security sandbox" should just be removed. It should instead say:<br><br>"If you have the Professional Edition of ColdFusion MX, you can configure resource security controls for all applications on the server." <br><br>4) As to whether Resource Security in Pro is enabled by default, I cannot say. Since in my "downgrade" to Pro I did already have the "Enable ColdFusion Security" checkbox checked, I don't know if it was persisted or not. It would be very useful for someone to install CF from scratch with a Pro license to see if it's enabled by default.<br> carehart@systemanage 0 0 2002-08-07T16:12:00 http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/appSecurity3.htm#622 As a follow-up to my previous comment, I can now confirm that in Pro, the page for working with this resource security is indeed called Resource Security (not "sandbox Security as it is in Enterprise nor "Security Settings" as is asserted above.<br><br>I can also now confirm that there is no "root security context" in Pro (a confusion that came from the docs in Chap 4 of the Admin manual, which I'll clarify there).<br><br>So the rewording I'd proposed in the last note should instead read:<br><br>"In CFMX Pro, the ColdFusion Administrator Resource Security page enables resource security, configuring access to resources for all templates on the server. In CFMX Enteprise (or Trial or Developer Editions), the Sandbox Security page configures access to resources in any named sandbox. Access can be controlled for the following resources:" carehart@systemanage 0 0 2002-08-07T15:59:00 http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/appSecurity3.htm#621 Agreeing with jochemd's comment of May 6, this page needs to do a better job of distinsguishing Resource Security (in Pro) from Sandbox Security (in Enterprise).<br><br>In the section "About Resource Security", it states:<br><br>"The directory or directories to which a set of rules apply is called a sandbox, and resource security is also called sandbox security."<br><br>That does suggest they're the same without making a distinction. Further, is it appropriate to say that the set of rules applied to the "root security context" in Pro is really "a sandbox"? It may seem a picky distinction, but for folks just getting started, the looseness and inconsistency of the terminology used in the docs, articles, and admin can be confusing.<br><br>Further, it states:<br><br>"The ColdFusion Administrator Security Settings page enables resource security; the Sandbox Security page configures access to resources. Resource security controls access to the following resources:"<br><br>This is a real mishmash. There is no "security settings page", unless it's that this is the name of the link in the nav bar in Pro. If so, then it should say:<br><br>"In CFMX Pro, the ColdFusion Administrator Security Settings page enables resource security, configuring access to resources for the global "root security context". In CFMX Enteprise (or Trial or Developer Editions), the Sandbox Security page configures access to resources in any named sandbox. Access can be controlled for the following resources:"<br><br>In addition, the final 3 paragraphs of this section (after the table) apply ONLY to Enterprise's Sandbox Security (as they refer to creating andboxes for various directories), yet they freely use the phrase Resource Security as if it's the same thing.<br><br>Speaking of that table, it's missing GetTempFile from the list of functions that can be restricted. carehart@systemanage 0 0 2002-08-07T06:22:00 http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/appSecurity3.htm#235 Gramatical error:<br><br>"Resource security also lets you to structure and partition " wwwmaster 0 0 2002-06-11T13:34:00 http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/appSecurity3.htm#411 The text at the top of the page suggests that Resource Security and Sandbox Security is the same. However, http://www.macromedia.com/software/coldfusion/whitepapers/pdf/ColdFusionMXFeatureGrid_03.pdf suggests that CF MX Pro does not have Sandbox Security but has Resource Security. How can that be if they are the same? jochemd 0 0 2002-05-06T20:00:00