Skip to main content
S
Sportsmans
Participating Frequently
September 10, 2008
Question

Security Sandbox

  • September 10, 2008
  • 8 replies
  • 763 views
I turned on the ColdFusion Security option in the ColdFusion Administrator - that was a mistake! It has completely ruined my server. I thought I understood the JVM arguments recommended in the documentation but maybe not. Can someone out there please be a little bit more specific on how to fix this problem and point me in the right direction for add the arguments for a multi-server environment?

-Djava.security.manager
-Djava.security.policy="cf_webapp_root/WEB-INF/cfusion/lib/coldfusion.policy"
-Djava.security.auth.policy="cf_webapp_root/WEB-INF/cfusion/lib/neo_jaas.policy"

Doesn't this go in the arguments line in the jvm.config file?
    This topic has been closed for replies.

    8 replies

    N
    Newsgroup_User
    Inspiring
    September 10, 2008
    Sportsmans wrote:
    > I am running on top of JRUN4. I have ColdFusion 8 Enterprise Edition. The jvm.config file located in JRUN4\bin is the main jvm file for server instances.

    I understand that. But I am asking you to reproduce both jvm.config and
    your *-out.log here.

    Jochem


    --
    Jochem van Dieten
    Adobe Community Expert for ColdFusion
    S
    SportsmansAuthor
    Participating Frequently
    September 10, 2008
    One error I've noticed is this:

    unexpected constant #2 59 null

    I cannot find any definite results for this on Google.
    S
    SportsmansAuthor
    Participating Frequently
    September 10, 2008
    I am running on top of JRUN4. I have ColdFusion 8 Enterprise Edition. The jvm.config file located in JRUN4\bin is the main jvm file for server instances.
    N
    Newsgroup_User
    Inspiring
    September 10, 2008
    Sportsmans wrote:
    > I have done what you have instructed but when I Enable ColdFusion Security and
    > restart the server, the server fails and I cannot view any web pages. I am
    > running CF8.01 on Window 2003 Server and IIS6 any ideas?

    So what error is in the *-out.log file? And what exactly is in your
    jvm.config?

    Jochem


    --
    Jochem van Dieten
    Adobe Community Expert for ColdFusion
    S
    SportsmansAuthor
    Participating Frequently
    September 10, 2008
    I have done what you have instructed but when I Enable ColdFusion Security and restart the server, the server fails and I cannot view any web pages. I am running CF8.01 on Window 2003 Server and IIS6 any ideas?

    This has turned out to be the biggest problem I have ever encountered in 5 years+ of Coldfusion experience.
    N
    Newsgroup_User
    Inspiring
    September 10, 2008
    Sportsmans wrote:
    > So this is in the jvm.config file correct?

    Yes.

    Jochem

    --
    Jochem van Dieten
    Adobe Community Expert for ColdFusion
    S
    SportsmansAuthor
    Participating Frequently
    September 10, 2008
    So this is in the jvm.config file correct?
    N
    Newsgroup_User
    Inspiring
    September 10, 2008
    Sportsmans wrote:
    > I turned on the ColdFusion Security option in the ColdFusion Administrator -
    > that was a mistake! It has completely ruined my server. I thought I understood
    > the JVM arguments recommended in the documentation but maybe not.

    > -Djava.security.manager
    > -Djava.security.policy="cf_webapp_root/WEB-INF/cfusion/lib/coldfusion.policy"
    > -Djava.security.auth.policy="cf_webapp_root/WEB-INF/cfusion/lib/neo_jaas.policy"

    Use absolute paths:
    -Djava.security.manager
    "-Djava.security.policy=C:/JRun4/servers/playground/cfusion.ear/cfusion.war/WEB-INF/cfusion/lib/coldfusion.policy"
    "-Djava.security.auth.policy=C:/JRun4/servers/playground/cfusion.ear/cfusion.war/WEB-INF/cfusion/lib/neo_jaas.policy"

    Jochem

    --
    Jochem van Dieten
    Adobe Community Expert for ColdFusion
    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices