If you are hosting your application in a sandboxed environment, such as shared hosting, then you may find yourself coming up against the the following error, especially if your using FuseBox 5 which is what caused it in my case.
Security: The requested template has been denied access to C:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\cfmessage_en_US_.js.
There are 2 issues involved here.
1) This file doesn't actually exist, at least not on any servers I checked.
2) Your code wont have access to this path in a sandboxed environment.
Now the quick and easy solution to this (for the host) would be to add the above path to your default sandbox with READ permission so that all customers have access to it, even if the file is not there at least CF can look for it. But alas this is not possible as sandbox security is not this flexible and does not allow you to globally give access to paths in this way. Sadly you must explicitly put paths into each and every sandbox for each and every site. Why Adobe have still not addressed this I have no idea, as I have informed them of this issue since ColdFusion MX 6 as the same problem occurs with all paths that CF needs access to for certain tags, such as temp folders (for file uploads), the windows fonts folder (for cfdocument) etc.
Thankfully there is another solution, at least for those of us that do not actually need this file. It seems that the inclusion of this file is locale specific, so if you set your locale to UK then CF no longer tries to load this file and the error goes away.
SetLocale("English (UK)")
I have not tested other locales, but I am guessing here that different people will have different versions of that file depending on their installation locale. So because I am in the UK, perhaps I got the plain old cfmessage.js file, which seems to be the default. If your in the USA then perhaps you do have a cfmessage_en_US_.js.
This problem may also be specifically caused by FuseBox 5 setting the wrong locale somewhere in its core files, and the same may apply to other frameworks too.
Jan 18, 2008 at 8:22 PM Russ, have you tried copying the /CFIDE/scripts/ directory from another CF installation and uploading it to your webroot on the shared host? That should work just as well-- you'd have a real /CFIDE/scripts/ folder instead of a mapping to one.
Jan 20, 2008 at 1:57 PM Nice try Tom, but it is not that simple.
If the page was trying to load from /CFIDE then it already work with the exisitng vDIR, but if you read the post again you will that the problem is server side, not client side, thus why there is a security error.
Also we provide a CFIDE virtual directory by default, it is created automatically by the control panel for every customer who enables ColdFusion in their hosting plan, so if a customers also created a local CFIDE folder, this would cause a conflict.
Jan 21, 2008 at 1:27 AM @Russ, I see-- my mistake. I interpreted the security error and your statement that "this file doesn't actually exist" to mean that the whole /CFIDE directory wasn't available in your hosting setup. Some people do have the problem of not being able to access CF8's AJAX scripts, and the upload of a copy of /CFIDE/scripts would solve their problems. But you're right that it won't help the situation you described.
Sep 2, 2008 at 7:16 PM I mysteriously got this error all of a sudden contacted my webhost. They quickly fixed it and said it was a permission error on their side.
Sep 2, 2008 at 11:02 PM yes it a permissions problem, the solution to which you can find in this very post.