Highlighted

Sandbox security - Files/Dirs causing DB issues

New Here ,
Dec 15, 2017

Copy link to clipboard

Copied

I have enabled sandbox security for a site. I added the needed data sources and removed the <<ALL FILES>> in the Files/Dirs section and just added the file paths the site requires.  When visiting the site, I was getting the error:

Error Executing Database Query.access denied (""java.io.FilePermission"" ""[my cf root]\cfusion\wwwroot\WEB-INF\classes\com\mysql\jdbc\configs\coldFusion.properties"" ""read"")

I noticed that this only affects MySQL and Oracle queries (MS SQL server queries would run fine up to the point that I needed to query a MySQL or Oracle DB.)  If I clicked to verify the connections in CF Admin, the site would load and run fine until the server is restarted.

I found this thread: https://forums.adobe.com/thread/2319887 which was almost the same issue I am having that suggested adding: "[cf.root]\cfusion\wwwroot\WEB-INF\classes\" and "[cf.root]\cfusion\wwwroot\WEB-INF\classes\-" with READ permissions.  

So I added those two paths and this allowed the site to work fine until the database connection time expires and now I get "Error Executing Database Query.Can't find configuration template named 'coldFusion'" pointing to some MySQL queries.  Again, if I verify the connection on the MySQL data source, the site will work fine after that until the connection time expires.  Oddly enough, there is no longer an issue with the Oracle data source.

Would this have anything to do with the location I used with the two additional classes for Oracle and MySQL data sources that I reference in the Java & JVM "Coldfusion Class Path" ?  I have these two classes stored outside the cf.root.

Can anyone point me to some guidelines for implementing Sandbox security on Files/Dirs?  If I re-add "<<ALL FILES>>" to the paths with READ permissions the site works fine but I would like to lock this site down a little more.  

BTW, this with CF2016 Update 5 on Windows Server 2016

Thanks.

Views

178

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Sandbox security - Files/Dirs causing DB issues

New Here ,
Dec 15, 2017

Copy link to clipboard

Copied

I have enabled sandbox security for a site. I added the needed data sources and removed the <<ALL FILES>> in the Files/Dirs section and just added the file paths the site requires.  When visiting the site, I was getting the error:

Error Executing Database Query.access denied (""java.io.FilePermission"" ""[my cf root]\cfusion\wwwroot\WEB-INF\classes\com\mysql\jdbc\configs\coldFusion.properties"" ""read"")

I noticed that this only affects MySQL and Oracle queries (MS SQL server queries would run fine up to the point that I needed to query a MySQL or Oracle DB.)  If I clicked to verify the connections in CF Admin, the site would load and run fine until the server is restarted.

I found this thread: https://forums.adobe.com/thread/2319887 which was almost the same issue I am having that suggested adding: "[cf.root]\cfusion\wwwroot\WEB-INF\classes\" and "[cf.root]\cfusion\wwwroot\WEB-INF\classes\-" with READ permissions.  

So I added those two paths and this allowed the site to work fine until the database connection time expires and now I get "Error Executing Database Query.Can't find configuration template named 'coldFusion'" pointing to some MySQL queries.  Again, if I verify the connection on the MySQL data source, the site will work fine after that until the connection time expires.  Oddly enough, there is no longer an issue with the Oracle data source.

Would this have anything to do with the location I used with the two additional classes for Oracle and MySQL data sources that I reference in the Java & JVM "Coldfusion Class Path" ?  I have these two classes stored outside the cf.root.

Can anyone point me to some guidelines for implementing Sandbox security on Files/Dirs?  If I re-add "<<ALL FILES>>" to the paths with READ permissions the site works fine but I would like to lock this site down a little more.  

BTW, this with CF2016 Update 5 on Windows Server 2016

Thanks.

Views

179

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Dec 15, 2017 0
Hemi345 LATEST
New Here ,
Dec 15, 2017

Copy link to clipboard

Copied

Update: I moved the Java classes I'm using for Oracle and MySQL data sources into the [cf.root]\cfusion\wwwroot\WEB-INF\classes\ folder and no longer having an issue with just the site's file paths and 

[cf.root]\cfusion\wwwroot\WEB-INF\classes\

[cf.root]\cfusion\wwwroot\WEB-INF\classes\-

defined in Files/Dirs section.  Still seems a odd that I need to specify these paths.  Any comments on this?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 15, 2017 0