[HIB-TH] sandbox Adobe'เพื่อป้องกัน Reader จากแฮกเกอร์ with more info from adobe

[newsbot]

Cybercriminals จะได้หาทางอื่นในมงกุฎคอมพิวเตอร์ของคุณรัตนากร Adobe ได้เตรียมการแก้ไขแหล่งหัวหน้าช่องโหว่ความปลอดภัยของเอกสารรูปแบบพกพาที่มีการดำเนินการ sandbox""ในการแก้ไขที่สำคัญต่อไปของซอฟต์แวร์ Reader ที่นิยม sandbox ในสำนวนอุตสาหกรรมซอฟต์แวร์ที่แยกจากส่วนที่เหลือของ PC และโปรแกรมที่รวมทั้งระบบปฏิบัติการที่สามารถทำลายโดยโค้ดอันตราย นี้"โหมดป้องกัน"ในโปรแกรม PDF Reader ได้ตาม sandbox windows Microsoft ของการปฏิบัติและการกึ๋นวิศวกรรมจากการค้นหาโฆษณา - ยักษ์ Google, Adobe กรรมการอาวุโสของผลิตภัณฑ์ความปลอดภัยและความเป็นส่วนตัว Brad Arkin กล่าว

ปล. แปลโดย google translate

**Hidden Content: To see this hidden content your post count must be 1 or greater.**

[asylu3]

More info

Using sandbox security

• Comments (0)
• Ratings:0

Sandbox security (called Resource security in the Standard Edition) uses the location of your ColdFusion pages to control access to ColdFusion resources. A sandbox is a designated directory of your site to which you apply security restrictions. Sandbox security lets you specify which tags, functions, and resources (for example, files, directories, and data sources) can be used by ColdFusion pages located in and under the designated directory.
To use sandbox security in the multiserver and J2EE editions, the application server must be running a security manager (java.lang.SecurityManager) and you must define the following JVM arguments (for JRun, this is the java.args line in the jrun_root/jvm.config file):
-Djava.security.manager
"-Djava.security.policy=cf_root/WEB-INF/cfusion/lib/coldfusion.policy"
"-Djava.security.auth.policy=cf_root/WEB-INF/cfusion/lib/neo_jaas.policy"

Note: Sandbox security is not enabled by default. You must enable it on the Security > Sandbox Security page before ColdFusion enforces the settings.
Using multiple sandboxes (Enterprise Edition only)

By default, a subdirectory of a sandbox inherits the settings of the directory one level above it. However, if you define a sandbox for a subdirectory, the subdirectory no longer inherits settings from the parent, completely overriding the parent directory's sandbox settings. For example, consider the following directories:
C:\Inetpub\wwwroot
C:\Inetpub\wwwroot\sales
C:\Inetpub\wwwroot\rnd
C:\Inetpub\wwwroot\rnd\dev
C:\Inetpub\wwwroot\rnd\qa


Ref: Adobe ColdFusion 8

If you define a sandbox for the wwwroot directory, the settings also apply to the sales and rnd directories. If you also define a sandbox for the rnd directory, the rnd sandbox settings also apply to the dev and qa directories; the wwwroot and sales directories maintain their original settings; and the rnd settings override the wwwroot directory settings for the rnd directory and its subdirectories.
This hierarchical arrangement of security permits the configuration of personalized sandboxes for users with different security levels. For example, if you are a web hosting administrator who hosts several clients on a ColdFusion shared server, you can configure a sandbox for each customer. This prevents one customer from accessing the data sources or files of another customer.
Resources that you can restrict

You can restrict the following resources:
Data SourcesRestrict the use of ColdFusion data sources.CF TagsRestrict the use of ColdFusion tags that manipulate resources on the server (or on an external server), such as files, the registry, Lightweight Directory Access Protocol (LDAP), mail, and the log.CF FunctionsRestrict the use of ColdFusion functions that access the file system.Files/DirsEnable tags and functions in the sandbox to access files and directories outside of the sandbox.Note: To use the Administrator API when sandbox security is enabled, you must allow access to the cf_web_root/CFIDE/adminapi directory.
Server/PortsSpecify the servers, ports, and port ranges that the ColdFusion tags that call third-party resources can use.For more information, see the Administrator online Help.
Note: When you run ColdFusion in the J2EE configuration on IBM WebSphere, the Files/Dirs and Server/Ports tabs are not enabled.
About directories and permissions

When you enable access to files outside of the sandbox, you specify the filename. When you enable access to directories outside of the sandbox, you specify directoryname\indicator, where indicator is a dash or asterisk, as follows:

• A backslash followed by a dash (\-) lets tags and functions access all files in the specified directory, and recursively allows access to all files in subdirectories.
• A backslash followed by an asterisk (\*) lets tags and functions access all files in the specified directory and also lets tags and functions access a list of subdirectories. However, this option denies access to files in any subdirectories.

You can also specify the actions that ColdFusion tags and functions can perform on files and directories outside the sandbox. The following table shows the relationship between the permissions of a file and a directory:
Permission
Effect on files
Effect on directories
Read
View the file
List all files in the directory
Write
Write to the file
Not applicable
Execute
Execute the file
Not applicable
Delete
Delete the file
Delete the directory