>- see footer for list info -<
Don't tell me mate, tell all the developers that use Fusebox blindly without
understanding the core files.

So cfusion.jar as read only stops what exactly?

Russ 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andy Allan
Sent: 06 September 2005 16:19
To: Coldfusion Development
Subject: RE: [CF-Dev] CFFile Folder creation

You just need to make a very simple change to the Fusebox core files to get
it to work with Sandboxing enabled.

Modify fusebox4.loader.cfmx.cfm and change the four calls to Duplicate() to
StructCopy()

The alternative is to apply read (only) access to cfusion.jar - the CF team
have verified there is no security risk in doing so.

Andy

Quoting Snake <[EMAIL PROTECTED]>:

> Yep, and I do disable Createobject(java) on all our servers.
> But then my good friend fusebox comes back to haunt me, because FB4 uses
> CreateObject(Java) and thus customers' FB sites break. And as is
> usually the case, it's in the core files which no-one ever looks at so
> they don't know why it's broke.
>
> Russ
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Robertson-Ravo, Neil (RX)
> Sent: 06 September 2005 15:53
> To: Coldfusion Development
> Subject: RE: [CF-Dev] CFFile Folder creation
>
> Yeah - we are security conscious now ;-) what you stated is kind of a 
> double edged sword - on the one hand you are stating that if you have 
> it enabled then you can compromise CF but if you switch it off you are 
> asking for trouble as well - maybe there is a way to half switch it on 
> ;-)
>
> In CF7 this is why MM introduced the concept of "type" sandboxing ...
> previously you locked down createobject completely, now you can 
> lockdown by type, java, cfc etc this was to allow hosts to kill java, 
> com, etc but leave CFCs enabled
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Snake
> Sent: 06 September 2005 15:52
> To: 'Coldfusion Development'
> Subject: RE: [CF-Dev] CFFile Folder creation
>
> IF Createobject is enabled then you can use it to access things like
> the Java service factory and thus compromise the CFADMIN, or the IO
> subsystem.
>
> Yes you can disable CreateObject() but this does cripple a lot of the
> CFMx functionality, and people especially do want it for CFC's.
>
> I think one of my ex-employers would probably be proud of my security
> paranoia these days :-)
>
> Russ
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Robertson-Ravo, Neil (RX)
> Sent: 06 September 2005 15:23
> To: Coldfusion Development
> Subject: RE: [CF-Dev] CFFile Folder creation
>
> CreateObject *is* a CF Function. Surely if the sandbox prevents you
> calling a Function such as this you can't instantiate a Java object? I
> know there was a problem before where reflection would allow you to
> call java even if sandboxing prevented createobject().
>
> AFAIK CF 7 you can prevent access to CFC, COM, Java, Webservice and 
> CORBA based on "type" sandboxing.
>
>
>
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Snake
> Sent: 06 September 2005 15:18
> To: 'Coldfusion Development'
> Subject: RE: [CF-Dev] CFFile Folder creation
>
> Sandboxes do not work on JAVA, CFX tags etc, they only work on CF tags
> and functions.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Robertson-Ravo, Neil (RX)
> Sent: 06 September 2005 14:47
> To: Coldfusion Development
> Subject: RE: [CF-Dev] CFFile Folder creation
>
> Isn't this what Sandbox Security is for?
>
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Snake
> Sent: 06 September 2005 14:51
> To: 'Coldfusion Development'
> Subject: RE: [CF-Dev] CFFile Folder creation
>
> Another scary thing about Createobject() and its complete lack of
> security.
> It's like having FSO access to the whole server.
>
> Russ
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Robertson-Ravo, Neil (RX)
> Sent: 06 September 2005 14:38
> To: Coldfusion Development
> Subject: RE: [CF-Dev] CFFile Folder creation
>
> You can also use Java thus:
>
> createObject("java", "java.io.File").init(x).mkdirs();
>
> Where x is the folder you want to create (full path) - if it doesn't
> exist it will create it, if it does exist, it will ignore the fact it
> exists and continue parsing.
>
> N
>
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Stephen 
> Moretti
> Sent: 06 September 2005 14:35
> To: Coldfusion Development
> Subject: Re: [CF-Dev] CFFile Folder creation
>
> RichL wrote:
>
> >Hello
> > I am trying to do a CFFile copy of an Access DB for bkup before
> >doing an update.
> > For the destination I was using a path which creates a new folder
> >but CF is complaining that it doesn't exist.
> > My expectation was that CF would create the new directory but
> >obviously not... is there any way that I can do this?
> >
> >
> >
> <cfdirectory action="create" directory="mydirectoryname"> ;)
>
> _______________________________________________
>
> For details on ALL mailing lists and for joining or leaving lists, go 
> to http://list.cfdeveloper.co.uk/mailman/listinfo
>
> --
>
> >- Hosting provided by www.cfmxhosting.co.uk -<
> >- Forum provided by www.fusetalk.com -<
> >- DHTML Menus provided by www.APYCOM.com -<
> >- Lists hosted by www.Gradwell.com -<
> >- CFdeveloper is run by Russ Michaels, feel free to volunteer your 
> >help -<
> This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, 
> Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed 
> Business, Registered in England, Number 678540.  It contains 
> information which is confidential and may also be privileged.  It is 
> for the exclusive use of the intended recipient(s).  If you are not 
> the intended recipient(s) please note that any form of distribution, 
> copying or use of this communication or the information in it is 
> strictly prohibited and may be unlawful.  If you have received this 
> communication in error please return it to the sender or call our 
> switchboard on +44 (0) 20 89107910.  The opinions expressed within this
> communication are not necessarily those expressed by Reed Exhibitions.
> Visit our website at http://www.reedexpo.com 


--
[EMAIL PROTECTED]
www.creative-restraint.co.uk
www.scottishcfug.com
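
An audit along the lines discussed in this thread, as an added example that is not part of any poster's message: before disabling CreateObject types in the sandbox, scan the CFML source for literal CreateObject()/<cfobject> uses so that framework core files which would break are known in advance. The file names and contents below are constructed samples; the type list is the one named in the thread (CFC, COM, Java, Webservice, CORBA).

```python
import re

# Object types that CF7 "type" sandboxing can block, per the thread.
TYPES = {"component", "java", "com", "corba", "webservice"}
# CreateObject("java", ...) with a literal type; a variable type is not caught.
CALL_RE = re.compile(r"""createobject\s*\(\s*(["'])(\w+)\1""", re.I)
# <cfobject type="com" ...> tag form.
TAG_RE = re.compile(r"""<cfobject\b[^>]*?\btype\s*=\s*(["'])(\w+)\1""", re.I)
# CFML comments (nested comments are not handled).
COMMENT_RE = re.compile(r"<!---.*?--->", re.S)


def _blank_comments(text):
    # Keep the newlines of each comment so reported line numbers stay correct.
    return COMMENT_RE.sub(lambda m: "\n" * m.group(0).count("\n"), text)


def find_object_calls(text):
    """Return sorted (line, type) pairs for CreateObject()/<cfobject> uses."""
    text = _blank_comments(text)
    hits = []
    for rx in (CALL_RE, TAG_RE):
        for m in rx.finditer(text):
            kind = m.group(2).lower()
            if kind in TYPES:
                hits.append((text.count("\n", 0, m.start()) + 1, kind))
    return sorted(hits)


def audit(sources, disabled):
    """Map file name -> hits whose type is in the set about to be disabled."""
    report = {}
    for name, text in sources.items():
        bad = [h for h in find_object_calls(text) if h[1] in disabled]
        if bad:
            report[name] = bad
    return report


# Constructed sample sources (hypothetical paths, not real Fusebox files).
SAMPLE = {
    "core/loader.cfm": (
        '<cfset dir = CreateObject("java", "java.io.File").init(path)>\n'
        "<!--- old: createObject('com', 'Scripting.FileSystemObject') --->\n"
        "<cfset user = createObject( 'component', 'model.User' )>\n"
    ),
    "legacy/export.cfm": '<cfobject type="COM" name="x" class="Excel.Application" action="create">\n',
    "views/home.cfm": "<cfoutput>#now()#</cfoutput>\n",
}

if __name__ == "__main__":
    for path, hits in audit(SAMPLE, {"java", "com"}).items():
        print(path, hits)
```
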