CF10 Sandbox Security prevents CFCOLLECTION create from working

Report · Jan 06, 2015

Hello, everyone,

I've got CF10 installed on my dev system. I've created several Solr collections. I have turned on Sandbox Security, and added defined directory permissions for C:/ColdFusion10/cfusion/collections and C:/ColdFusion10/cfusion/jetty folders. I have edited both paths so that NOTHING is disabled.

If Sandbox is on and I remove a collection from within CFAdmin, when I try to use the CFCOLLECTION action="create" tag, I get java.io.filePermission "read" access denied messages.

If I turn off Sandbox, the tag runs fine.

What else do I need to do in order for CFCOLLECTION action="create" to work while Sandbox is on?

V/r,

^_^

Report · Jan 06, 2015

As a sanity check, when you had created a collection (before deleting it) was it appearing in the C:/ColdFusion10/cfusion/collections which you are locking down with sandbox security? You can create them anywhere you want, but I do realize that if you create one in the Admin it offers a default starting location of that path (Assuming you’re not using multiple instances, in which case it points to the instance’s collections folder). Asimportant, when you DO create them with cfcollection, where are you putting them? You must provide the PATH. I’ll assume it’s going to that same location but I just want to be sure.

And in your sandbox, are you defining this path as THE sandbox, or are you defining a sandbox for where you code lives (like the CFCOLLECTION) and then using the “files/dirs” tab to THEN add a pointer to this folder? Furthermore, are using using the /* at the end of the path (in that files/dirs tab) to get it to recurse through subdirectories?

Hope that helps. Let us know.

/charlie

/Charlie (troubleshooter, carehart.org)

Report · Jan 13, 2015

Hi, Charlie! Thanks for chiming in. (Also, sorry for delay in responding..)

Yes, when the collection is created in CFAdmin, the collection IS creating the folders in C:\ColdFusion10\cfusion\collections.

When I create them with CFCOLLECTION, I am specifying the same path to the collections folder.

For the Sandbox, CF10 installs with three items in the Sandbox, already:

(ColdFusion WEB-INF system directory)

(ColdFusion CFIDE system directory)

C:/ColdFusion10/cfusion/wwwroot/

I have added to this list:

C:/ColdFusion10/cfusion/jetty/

C:/ColdFusion10/cfusion/collections/

For each of the two I added, I edited them both:

Data Sources - ALL DATASOURCES enabled

CF Tags - All tags enabled, none disabled

CF Functions - All functions enabled, none disabled

Files/Dirs - Each path (with two entries, each: / and /-) set for Read, Write, Delete

Server/Ports - ALL IP:ports are open, no restrictions

Others - ALL runtimes enabled, none disabled

I have gone in to look at the settings for wwwroot. With one exception, it is identical to the above. That one exception is that all runtimes (under Others) are disabled, none enabled.

V/r,

^_^

Report · Jan 19, 2015

@wolf, did your problem ever get resolved. I missed your reply here last week.

If it remains, I really think the problem is that you have misunderstood how the sandbox works. I had tried to help but perhaps I was not as clear. I said:

“And in your sandbox, are you defining this path as THE sandbox, or are you defining a sandbox for where you code lives (like the CFCOLLECTION) and then using the “files/dirs” tab to THEN add a pointer to this folder? Furthermore, are using using the /* at the end of the path (in that files/dirs tab) to get it to recurse through subdirectories?”

My point was: you do NOT want to define the sandbox where your collections live. You want to define it for where your code that USES the CF tags for accessing the collections where they live (and you would need to tell that sandbox to ALLOW access to the folders where the collection lives).

So you see, you have it backwards, it seems. Let us know if that’s helpful.

/charlie

/Charlie (troubleshooter, carehart.org)

Report · Jan 26, 2015

Hi, Charlie.

So instead of creating a sandbox for the collections and defining the paths to the collection folder, I should add the path of the collection folder to the existing sandbox created for the web server root? Because the code that uses CFCOLLECTION is in a recursive folder under root.

Or did I completely misunderstand?

Thanks,

V/r,

^_^

Report · Jan 26, 2015

That worked, Charlie! Thank you. CFCOLLECTION is now not throwing an error while Sandbox is turned on.

V/r,

^_^

Report · Jan 26, 2015

Glad it helped.

And given your last question, I want to repeat: you create the sandbox for WHERE YOUR CFML CODE LIVES and runs, not for where the collections live. And then, yes, in that sandbox you additionally add the path to the collections in “files/dirs” section of the sandbox. Hope that helps others who may read this down the line.

/charlie

/Charlie (troubleshooter, carehart.org)

Adobe Community

CF10 Sandbox Security prevents CFCOLLECTION create from working

1 Correct answer