Highlighted

CF10 Sandbox Security prevents CFCOLLECTION create from working

LEGEND ,
Jan 06, 2015

Copy link to clipboard

Copied

Hello, everyone,

I've got CF10 installed on my dev system.  I've created several Solr collections.  I have turned on Sandbox Security, and added defined directory permissions for C:/ColdFusion10/cfusion/collections and C:/ColdFusion10/cfusion/jetty folders.  I have edited both paths so that NOTHING is disabled.

If Sandbox is on and I remove a collection from within CFAdmin, when I try to use the CFCOLLECTION action="create" tag, I get java.io.filePermission "read" access denied messages.

If I turn off Sandbox, the tag runs fine.

What else do I need to do in order for CFCOLLECTION action="create" to work while Sandbox is on?

V/r,

^_^

Adobe Community Professional
Correct answer by Charlie Arehart | Adobe Community Professional

@wolf, did your problem ever get resolved. I missed your reply here last week.

If it remains, I really think the problem is that you have misunderstood how the sandbox works. I had tried to help but perhaps I was not as clear. I said:

“And in your sandbox, are you defining this path as THE sandbox, or are you defining a sandbox for where you code lives (like the CFCOLLECTION) and then using the “files/dirs” tab to THEN add a pointer to this folder? Furthermore, are using using the /* at the end of the path (in that files/dirs tab) to get it to recurse through subdirectories?”

My point was: you do NOT want to define the sandbox where your collections live. You want to define it for where your code that USES the CF tags for accessing the collections where they live (and you would need to tell that sandbox to ALLOW access to the folders where the collection lives).

So you see, you have it backwards, it seems. Let us know if that’s helpful.

/charlie

Views

312

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

CF10 Sandbox Security prevents CFCOLLECTION create from working

LEGEND ,
Jan 06, 2015

Copy link to clipboard

Copied

Hello, everyone,

I've got CF10 installed on my dev system.  I've created several Solr collections.  I have turned on Sandbox Security, and added defined directory permissions for C:/ColdFusion10/cfusion/collections and C:/ColdFusion10/cfusion/jetty folders.  I have edited both paths so that NOTHING is disabled.

If Sandbox is on and I remove a collection from within CFAdmin, when I try to use the CFCOLLECTION action="create" tag, I get java.io.filePermission "read" access denied messages.

If I turn off Sandbox, the tag runs fine.

What else do I need to do in order for CFCOLLECTION action="create" to work while Sandbox is on?

V/r,

^_^

Adobe Community Professional
Correct answer by Charlie Arehart | Adobe Community Professional

@wolf, did your problem ever get resolved. I missed your reply here last week.

If it remains, I really think the problem is that you have misunderstood how the sandbox works. I had tried to help but perhaps I was not as clear. I said:

“And in your sandbox, are you defining this path as THE sandbox, or are you defining a sandbox for where you code lives (like the CFCOLLECTION) and then using the “files/dirs” tab to THEN add a pointer to this folder? Furthermore, are using using the /* at the end of the path (in that files/dirs tab) to get it to recurse through subdirectories?”

My point was: you do NOT want to define the sandbox where your collections live. You want to define it for where your code that USES the CF tags for accessing the collections where they live (and you would need to tell that sandbox to ALLOW access to the folders where the collection lives).

So you see, you have it backwards, it seems. Let us know if that’s helpful.

/charlie

Views

313

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jan 06, 2015 0
Adobe Community Professional ,
Jan 06, 2015

Copy link to clipboard

Copied

As a sanity check, when you had created a collection (before deleting it) was it appearing in the C:/ColdFusion10/cfusion/collections which you are locking down with sandbox security? You can create them anywhere you want, but I do realize that if you create one in the Admin it offers a default starting location of that path (Assuming you’re not using multiple instances, in which case it points to the instance’s collections folder). Asimportant, when you DO create them with cfcollection, where are you putting them? You must provide the PATH. I’ll assume it’s going to that same location but I just want to be sure.

And in your sandbox, are you defining this path as THE sandbox, or are you defining a sandbox for where you code lives (like the CFCOLLECTION) and then using the “files/dirs” tab to THEN add a pointer to this folder? Furthermore, are using using the /* at the end of the path (in that files/dirs tab) to get it to recurse through subdirectories?

Hope that helps. Let us know.

/charlie

/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 06, 2015 0
LEGEND ,
Jan 13, 2015

Copy link to clipboard

Copied

Hi, Charlie!  Thanks for chiming in.  (Also, sorry for delay in responding..)

Yes, when the collection is created in CFAdmin, the collection IS creating the folders in C:\ColdFusion10\cfusion\collections.

When I create them with CFCOLLECTION, I am specifying the same path to the collections folder.

For the Sandbox, CF10 installs with three items in the Sandbox, already:

(ColdFusion WEB-INF system directory)

(ColdFusion CFIDE system directory)

C:/ColdFusion10/cfusion/wwwroot/

I have added to this list:

C:/ColdFusion10/cfusion/jetty/

C:/ColdFusion10/cfusion/collections/

For each of the two I added, I edited them both:

Data Sources - ALL DATASOURCES enabled

CF Tags - All tags enabled, none disabled

CF Functions - All functions enabled, none disabled

Files/Dirs - Each path (with two entries, each: / and /-) set for Read, Write, Delete

Server/Ports - ALL IP:ports are open, no restrictions

Others - ALL runtimes enabled, none disabled

I have gone in to look at the settings for wwwroot.  With one exception, it is identical to the above.  That one exception is that all runtimes (under Others) are disabled, none enabled.

V/r,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 13, 2015 0
Adobe Community Professional ,
Jan 19, 2015

Copy link to clipboard

Copied

@wolf, did your problem ever get resolved. I missed your reply here last week.

If it remains, I really think the problem is that you have misunderstood how the sandbox works. I had tried to help but perhaps I was not as clear. I said:

“And in your sandbox, are you defining this path as THE sandbox, or are you defining a sandbox for where you code lives (like the CFCOLLECTION) and then using the “files/dirs” tab to THEN add a pointer to this folder? Furthermore, are using using the /* at the end of the path (in that files/dirs tab) to get it to recurse through subdirectories?”

My point was: you do NOT want to define the sandbox where your collections live. You want to define it for where your code that USES the CF tags for accessing the collections where they live (and you would need to tell that sandbox to ALLOW access to the folders where the collection lives).

So you see, you have it backwards, it seems. Let us know if that’s helpful.

/charlie

/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 19, 2015 0
LEGEND ,
Jan 26, 2015

Copy link to clipboard

Copied

Hi, Charlie.

So instead of creating a sandbox for the collections and defining the paths to the collection folder, I should add the path of the collection folder to the existing sandbox created for the web server root?  Because the code that uses CFCOLLECTION is in a recursive folder under root.

Or did I completely misunderstand?

Thanks,

V/r,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 26, 2015 0
LEGEND ,
Jan 26, 2015

Copy link to clipboard

Copied

That worked, Charlie!  Thank you.  CFCOLLECTION is now not throwing an error while Sandbox is turned on.

V/r,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 26, 2015 0
Adobe Community Professional ,
Jan 26, 2015

Copy link to clipboard

Copied

Glad it helped.

And given your last question, I want to repeat: you create the sandbox for WHERE YOUR CFML CODE LIVES and runs, not for where the collections live. And then, yes, in that sandbox you additionally add the path to the collections in “files/dirs” section of the sandbox. Hope that helps others who may read this down the line.

/charlie

/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 26, 2015 1