Skip to main content
V
vertizonal
Participating Frequently
April 6, 2023
Question

CF2018 Sandbox Security database connections only work when using IP addresses in datasources

  • April 6, 2023
  • 2 replies
  • 442 views

Just restricting CFExecute and CFRegistry for now in the website and custom tags directory. All datasources are allowed, and nothing else is restricted.

 

When using names for datasources (which works Sandbox Security unchecked), I get the following upon restart:

 

Error [ajp-nio-127.0.0.1-8018-exec-1] - Error Executing Database Query.''

 

This is on localhosts with Windows 11. One Windows 10 localhost appears to work fine with server names in the datasources, although there might be something else going on with that setup that isn't obvious.

 

The most I could track down with this is that it appears that Java Security Manager takes over database connections once Sandbox Security is enabled. Maybe Java Security Manager just allows IPs? I couldn't find anything related to that.

 

I don't want to apply this on our live server without understanding why only IPs work, if this is the case, or if something more serious is set up incorrectly with our servers.

 

Any help on this would be greatly appreciated.

This topic has been closed for replies.

2 replies

D
Community Expert
Dave WattsCommunity Expert
Community Expert
April 7, 2023

Just for fun, try removing CFEXECUTE from your sandbox security limitations. I'm guessing that might fix the problem. Let us know if that's what happens!

 

Dave Watts, Eidolon LLC

Dave Watts, Eidolon LLC
V
vertizonalAuthor
Participating Frequently
April 10, 2023

Thanks for the reply, Dave. Unfortunately, removing CFEXECUTE as a blocked tag from all the Sandboxes didn't help.

D
Community Expert
Dave WattsCommunity Expert
Community Expert
April 10, 2023

It was kind of a long shot. Basically, when you use a DNS name instead of an IP address anywhere, something has to look that up. For your browser, it's your OS, which talks to the nameserver it's supposed to use, which in turn talks to the authoritative nameserver, and answers come back to your OS and eventually your browser. For JDBC datasources, JDBC uses JNDI (I think) to get the answers back. I thought the rule blocking CFEXECUTE might also be accidentally blocking JDBC & JNDI. Apparently not!

 

You should probably look at the log files, like @BKBK already suggested. Good luck!

 

Dave Watts, Eidolon LLC

Dave Watts, Eidolon LLC
BKBK
Community Expert
BKBKCommunity Expert
Community Expert
April 7, 2023

Please have a look at the log files, and share all the relevant information you find. There should be an error message telling you what happened. 

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices