Comments on: ColdFusion Sandboxing and cfreport

By: Elias

Elias — Wed, 13 May 2009 17:58:11 +0000

Hey, finally i could fix it.

For some reason the folder \tmpCache\CFFileServlet\_cfreport was not empty in development (850 mg!!!), but in production it was.

I erased the folder and i creates the folder again, with this, cfreport works again.

By: Elias

Elias — Tue, 12 May 2009 21:50:46 +0000

I have to servers, development and production, all reports in production are ok, but in development any report work fine.

This error happened suddenly, I do not know why.

It forgot it, my cf version is the 8.0.1

thks!!!

By: Jochem

Jochem — Tue, 12 May 2009 21:09:55 +0000

First try your report on another server with the same patchlevel. Then try clearing out the cfclasses folder.

By: Elias

Elias — Tue, 12 May 2009 20:32:03 +0000

and when ” Enable ColdFusion Sandbox Security ” is not checked, but the error is the same, what can i do??????????? please……

By: James Holmes

James Holmes — Tue, 20 Jan 2009 14:48:05 +0000

I just discovered that the cffeed tag can have issues (at least on CF8.01 patched to current levels as of this post) unless {cfroot}/WEB-INF/cfusion/lib is permitted in the sandbox.

http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:58123

BTW, anyone still getting errors after adding the sandbox rules should restart the server - classes created with the old sandbox rules are cached and may not be cleared until you restart.

By: Jochem

Jochem — Wed, 17 Dec 2008 16:13:44 +0000

If you want to know how your sandbox is configured just try the following code to read the neo-security.xml file:

#HTMLCodeFormat(fileContent)#

By: Sebastiaan

Sebastiaan — Wed, 17 Dec 2008 10:49:51 +0000

Hi Jochem,

at our servers we can use CFIMAGE en CFFILE upload no problem within our shared sandbox.

Does this mean that the sandbox is NOT limited?

By: “it could be bunnies” » Blog Archive » ColdFusion shared hosting security and internals

Mon, 15 Dec 2008 12:44:11 +0000

[...] we need to grant read and execute permissions on that directory to every Sandbox (you can adapt the script I posted before for that). I just ran into this this weekend when I updated my dump template to show interface [...]

By: “it could be bunnies” » Blog Archive » CF shared hosting security: filesystem access and sandbox security

Tue, 02 Dec 2008 19:58:42 +0000

[...] To get real security against this reading of directories we need to enable Sandbox Security. Sandbox Security allows us to define a directory on the filesystem as a Sandbox and subject every request that starts from that Sandbox to a set of constraints. These constraints can include which tags are allowed, i.e. forbid cfregistry outright, or which resources can be accessed. Typically each Sandbox is defined at the root of a customers FTP and / or WWW directory and then allows for access of only some directories and datasources. Setting up the allowed resources and tags in a Sandbox can occasionally be a bit counterintuitive, for instance to allow a file to be used in a cfinclude it needs execute permissions and several extra directories need to be accessible for some tags. [...]

By: Jochem

Jochem — Thu, 30 Oct 2008 16:30:57 +0000

I haven’t seen the problem since changing the Sandbox settings.