This was a very odd problem I had on a client's site this week. Whenever he used the <CFAjaxProxy> tag on a page, the page simply stopped rendering at the point where the tag appeared. No error appeared on the page or in the ColdFusion logs.
The reason no error occurred turned out to be the application.cfc: he has an OnError function that was doing a cfabort.
    <cffunction name="onError" returnType="void" output="false">
        <cfargument name="exception" required="true" />
        <cfargument name="eventname" type="string" required="true" />
        <!--- <cfdump var="#ARGUMENTS#" /> --->
        <cfabort />
    </cffunction>
Once I got rid of this problem, the following error appeared.
Security: The requested template has been denied access to C:\ColdFusion8\wwwroot\WEB-INF\cfclasses\cfcheckUsername2ecfc1070071758.class.
The following is the internal exception message: access denied (java.io.FilePermission C:\ColdFusion8\wwwroot\WEB-INF\cfclasses\cfcheckUsername2ecfc1070071758.class write)
So that is yet another path that needs to be added to the sandbox for every site in order for Ajax to work. Really, there is no reason why this should be so, as the classes should be created by CF internally and no special permissions should be required by the application.
The number of paths now required in each sandbox for CF8 in order for all tags and functions to work correctly is ridiculous. I have enlightened Adobe on how things should work in shared hosting environments and on all the paths that do not get inherited by sandboxes when applied at a root level, so here's hoping that CF9 will finally be shared hosting friendly.
Jun 15, 2009 at 6:02 PM Do you have a current list of sandbox directories that need to be allowed? I have been using the same set for years but it seems that due to some new features more need to be allowed. Thanks, Snake.
Jun 16, 2009 at 2:46 PM Here is what I am using currently.
Secured Files and Directories

File Path                                                                Permissions
c:\windows\fonts\                                                        Read
c:\windows\fonts\-                                                       Read
C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\   Read,Write
C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\-  Read,Write
C:\ColdFusion8\tmpCache\                                                 Read,Write
C:\ColdFusion8\tmpCache\-                                                Read,Write,Execute,Delete
C:\ColdFusion8\tmpCache\CFFileServlet\_cf_image\                         Read,Write,Execute,Delete
C:\ColdFusion8\tmpCache\CFFileServlet\_cf_image\-                        Read,Write,Execute,Delete
t:\temp\                                                                 Read,Write,Delete
c:\inetpub\wwwroot\CFIDE\                                                Read
c:\inetpub\wwwroot\CFIDE\-                                               Read
t:\temp\-                                                                Read,Write
c:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\                          Read
c:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\-                         Read
C:\ColdFusion8\wwwroot\WEB-INF\cfclasses\                                Read,Write,Execute
C:\ColdFusion8\wwwroot\WEB-INF\cfclasses\-                               Read,Write,Execute
c:\ColdFusion8\wwwroot\WEB-INF\cftags\                                   Read,Execute
c:\ColdFusion8\wwwroot\WEB-INF\cftags\-                                  Read,Execute
Jun 17, 2009 at 3:52 AM Russ, thanks for the updated list.
Quick question... I noticed the Read ability on the c:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\ but is that redundant with c:\inetpub\wwwroot\CFIDE\?
Also, have you had a tough time nesting these rules? E.g. with c:\domains\- Read Write Execute Delete and c:\domains\mytest\ Read Only, I can still delete the mytest directory. Never tried before so I don't know if it's a CF8 thing or not.
Jun 18, 2009 at 2:22 PM Hi Joe,
Yes, I expect it is redundant. Although I do not think allowing c:\inetpub\cfide is a good idea, it was required for something, even if that is not the path you are using for vDIR. I think it is ajax related again.
You don't have to worry about nested paths unless you implicitly want to disallow something further down the tree. You simply disallow c:\domains by default, then allow c:\domains\mydomain.com in each site's sandbox.
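
Added example (not part of the original post or its comments): a small Python audit of a sandbox path list, applied to the redundancy and nesting questions raised in the comments above. It assumes the sandbox follows java.io.FilePermission-style matching, where "dir\-" covers everything below dir and grants only add up; the function names are hypothetical, and the sample lists are built from paths quoted in the comments.

```python
# Added example: sandbox grants modelled with java.io.FilePermission-style
# matching. Assumptions: "dir\-" covers everything below dir but not dir
# itself, grants are additive, and Windows paths compare case-insensitively.
from collections import namedtuple

Grant = namedtuple("Grant", "path perms")

def parse(listing):
    """Parse 'path Permissions' lines (paths without spaces)."""
    rows = (line.rsplit(None, 1) for line in listing.strip().splitlines())
    return [Grant(path, frozenset(perms.lower().split(","))) for path, perms in rows]

def _norm(path):
    return path.lower().rstrip("\\")

def covers(g, target):
    """True if grant g applies to target, itself a path or a 'dir\\-' pattern."""
    t_rec = target.endswith("\\-")
    t = _norm(target[:-1] if t_rec else target)
    if g.path.endswith("\\-"):
        base = _norm(g.path[:-1])
        return t.startswith(base + "\\") or (t_rec and t == base)
    return not t_rec and _norm(g.path) == t

def effective(grants, target):
    """Union of the permissions of every grant that covers target."""
    return set().union(*(g.perms for g in grants if covers(g, target)))

def redundant(grants):
    """Paths whose permissions the remaining entries already grant."""
    return [g.path for i, g in enumerate(grants)
            if g.perms <= effective(grants[:i] + grants[i + 1:], g.path)]

SANDBOX = r"""
c:\inetpub\wwwroot\CFIDE\ Read
c:\inetpub\wwwroot\CFIDE\- Read
c:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\ Read
c:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\- Read
C:\ColdFusion8\tmpCache\ Read,Write
C:\ColdFusion8\tmpCache\- Read,Write,Execute,Delete
C:\ColdFusion8\tmpCache\CFFileServlet\_cf_image\ Read,Write,Execute,Delete
"""
NESTED = r"""
c:\domains\- Read,Write,Execute,Delete
c:\domains\mytest\ Read
"""
if __name__ == "__main__":
    print(redundant(parse(SANDBOX)))
    print(sorted(effective(parse(NESTED), "c:\\domains\\mytest\\")))
```

Under these assumptions the messages\ and _cf_image\ entries are reported as already covered by their recursive parents, and the narrower Read entry on c:\domains\mytest\ does not take away the Delete granted by c:\domains\-.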