Re: [work] RE: [CF-Dev] CFMX7 sandboxing

[Andy Allan]

- see footer for list info -<
You need to add a couple of additional JVM arguments to get Sandboxing 
to work on both Multiserver and J2EE config installs.

So it does work, just not out of the box like you would expect. I 
blogged about it today (watch the wrap)
http://www.creative-restraint.co.uk/blog/index.cfm?mode=entry&entry=A7038D2C-933C-C47E-510C9D5E61402BA4

Cheers,
Andy
Russ Michaels (Snake) wrote:
- see footer for list info -<
   

Confirmation now received from MM.
<quote>
Russ,
I tested this and you are correct, it does not work in my J2EE install,
which is the same as Multi-Instance version.  The standalone must be doing
something different.
I will ask at the meeting in a few hours.
Thanks,
Mike
</quote>
Rather a hulking great bug this I think.
 

-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Russ 
Michaels (Snake)
Sent: 12 April 2005 12:43
To: 'Coldfusion Development'
Subject: RE: [work] RE: [CF-Dev] CFMX7 sandboxing

   

- see footer for list info -<
     

You can setup two instances on two servers and cluster them yes.
The test is pretty simple.
Install CFMX7 using the multi-server option.
On the default instance Enable sandboxing.
Create a default sandbox on the drive where all web sites are stored.
E.G.
D:\
And disable the usual tags:- cfffile, cfdirectory, cfexecute, 
cfregistry etc Now setup a site on your D drive (E.G. 
d:\wwwroot\mydomain.com) Put a .cfm file in there that uses 
any of the disabled tags.

On CFMX7 stand alone you will get an error stating you do not 
have permission to perform that action. Exactly as expected.
On ANY instance of CFMX using multi-server install, the page 
will work fine ignoring the sandbox.

I also have quite different setups on the 3 servers I tested.
Russ
   

I'm downloading the trial CF7 edition, is it possible to 
     

set up a test 
   

across 2 servers/ip's with it.
Maybe you have a blog somewhere on the way you verified its 
     

broken:)?
   

Colm
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of 
     

Russ Michaels
   

(Snake)
Sent: Monday, April 11, 2005 11:04 PM
To: 'Coldfusion Development'
Subject: RE: [work] RE: [CF-Dev] CFMX7 sandboxing
     

- see footer for list info -<
       

I am saying it doesn't work, because it doesn't work.
Of course it should work, that's the purpose of it.
But 3 different servers running the multi-server 
     

installation is not a 
   

fluke.
Russ
     

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 
       

Colm Brazel
   

Sent: 11 April 2005 19:45
To: Coldfusion Development
Subject: RE: [work] RE: [CF-Dev] CFMX7 sandboxing
       

- see footer for list info -<
         

"furthermore, developers can take advantage of the ability
         

to set up
       

instance-specific sandbox security".
         

I don't understand why you say security sandboxing won't 
       

work, as I 
   

understand it, from the above it should and across
       

different servers
     

and be instance specific??
Colm
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
       

Russ Michaels
     

(Snake)
Sent: Monday, April 11, 2005 6:00 PM
To: 'Coldfusion Development'
Subject: RE: [work] RE: [CF-Dev] CFMX7 sandboxing
       

- see footer for list info -<
         

Erm..
No really?
That will be why I am using it then, and what all my posts
       

have been
     

about.
Russ
       

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
         

Colm Brazel
     

Sent: 11 April 2005 16:07
To: Coldfusion Development
Subject: RE: [work] RE: [CF-Dev] CFMX7 sandboxing
         

- see footer for list info -<
           

"furthermore, developers can take advantage of the ability
         

to set up
       

instance-specific sandbox security"...before he goes into
         

clustering
       

below..
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
         

Colm Brazel
     

Sent: Monday, April 11, 2005 3:58 PM
To: Coldfusion Development
Subject: [work] RE: [CF-Dev] CFMX7 sandboxing
         

- see footer for list info -<
           

Security sandboxing doesn't work on CFMX7 in multi-server
             

configuration.
Trick is to use Jrun..
According to Greg Stewart in that article I mentioned using
         

JRUN 'you
       

can package these tailored instances and then redeploy them
         

on another
       

instance or even a different server running JRUN' he
         

mentionds Brandon
       

Purcell's article, "Advantages of using multiple instances for 
Coldfusion MX for J2EE:

         

www.macromedia.com/devnet/mx/coldfusion/j2ee/articles/multiple.html
     

Colm
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
         

Russ Michaels
       

(Snake)
Sent: Monday, April 11, 2005 2:48 PM
To: 'Coldfusion Development'
Cc: 'ColdFusion Guru List'
Subject: [work] [CF-Dev] CFMX7 sandboxing
         

- see footer for list info -<
           

I appear to have found a bug.
Security sandboxing doesn't work on CFMX7 in multi-server 
configuration.
I have tested this on 3 separate servers that were installed as 
multi-server, and on ALL of them, the sandboxes have no effect.
Disabled tags continue to work.

Testing on CFMX7 in stand alone configuration, the 
         

sandboxes work 
   

fine.
Russ
_______________________________________________
For details on ALL mailing lists and for joining or leaving
         

lists, go
       

to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
         

- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to
           

volunteer your help
         

-<
           

---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0515-0, 04/11/2005 Tested on: 4/11/2005
3:58:11 PM avast! - copyright (c) 1988-2004 ALWIL Software.
http://www.avast.com

_______________________________________________
For details on ALL mailing lists and for joining or leaving
         

lists, go
       

to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
         

- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to
           

volunteer your help
         

-<
           

---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0515-0, 04/11/2005 Tested on: 4/11/2005
4:06:29 PM avast! - copyright (c) 1988-2004 ALWIL Software.
http://www.avast.com

_______________________________________________
For details on ALL mailing lists and for joining or leaving
         

lists, go
       

to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
         

- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to
           

volunteer your help
         

-<
           

_______________________________________________
For details on ALL mailing lists and for joining or leaving
       

lists, go
     

to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
       

- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to
         

volunteer your help
       

-<
         

---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0515-0, 04/11/2005 Tested on: 4/11/2005
7:44:23 PM avast! - copyright (c) 1988-2004 ALWIL Software.
http://www.avast.com

_______________________________________________
For details on ALL mailing lists and for joining or leaving
       

lists, go
     

to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
       

- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to
         

volunteer your help
       

-<
         

_______________________________________________
For details on ALL mailing lists and for joining or leaving 
     

lists, go 
   

to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
     

- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to
       

volunteer your help
     

-<
       

---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0515-0, 04/11/2005 Tested on: 4/12/2005
9:36:21 AM avast! - copyright (c) 1988-2004 ALWIL Software.
http://www.avast.com

---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0515-0, 04/11/2005 Tested on: 4/12/2005
9:47:05 AM avast! - copyright (c) 1988-2004 ALWIL Software.
http://www.avast.com

_______________________________________________
For details on ALL mailing lists and for joining or leaving 
     

lists, go 
   

to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
     

- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to
       

volunteer your help
     

-<
       

_______________________________________________
For details on ALL mailing lists and for joining or leaving 
lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo

--
CFDeveloper Sponsors:-
   

- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to 
     

volunteer your help 
   

-<
     


_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to 
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
 

- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
   


--
[EMAIL PROTECTED]
www.creative-restraint.co.uk
www.scottishcfug.com
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to 
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<