>- see footer for list info -< The point I'm making is that with FB4, you only need one copy of the core files on the server with a mapping to it (unlike FB3). So maintain it yourself.
If you've got developers putting the files on there themselves, then sandbox createObject and tell them to make the change. Or have it in a FAQ or something. As for making cfusion.jar readonly - you'd have to ask either the CF team or the Fusebox team. All I know is that making it readonly is a workable solution. Andy Quoting Snake <[EMAIL PROTECTED]>: > >- see footer for list info -< > Don't tell me mate, tell all the developers that use Fusebox blindly without > understanding the core files. > > So cfusion.jar as read only stops what exactly ? > > Russ > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Andy Allan > Sent: 06 September 2005 16:19 > To: Coldfusion Development > Subject: RE: [CF-Dev] CFFile Folder creation > > >- see footer for list info -< > You just need to make a very simple change to the Fusebox core files to get > it to work with Sandboxing enabled. > > Modify fusebox4.loader.cfmx.cfm and change the four calls to Duplicate() to > StructCopy() > > The alternative is to apply read (only) access to cfusion.jar - the CF team > have verified there is no security risk in doing so. > > Andy > > Quoting Snake <[EMAIL PROTECTED]>: > > > >- see footer for list info -< > > Yep, and I do disable Createobject(java) on all our servers. > > But then my good friend fusebox comes back to haunt me, because FB4 > > uses > > CreateObject(Java) and thus customers FB sites break. And as is > > usually the case, it's in the core files which no-one ever looks at so > > they don't know why it's broke. > > > > Russ > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Robertson-Ravo, Neil (RX) > > Sent: 06 September 2005 15:53 > > To: Coldfusion Development > > Subject: RE: [CF-Dev] CFFile Folder creation > > > > >- see footer for list info -< > > Yeah - we are security conscious now ;-) what you stated is kind of a > > double edged sword - on the one hand you are stating that if you have > > it enabled then you can compromise CF but if you switch it off you are > > asking for trouble as well - maybe there is a way to half switch it on > > ;-) > > > > In CF7 this is why MM introduced the concept of "type" sandboxing ... > > previously you locked down createobject completely, now you can > > lockdown by type, java, cfc etc this was to allow hosts to kill java, > > com, etc but leave CFCs enabled > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Snake > > Sent: 06 September 2005 15:52 > > To: 'Coldfusion Development' > > Subject: RE: [CF-Dev] CFFile Folder creation > > > > >- see footer for list info -< > > IF Createobject is enabled then you can use it to access things like > > the Java service factory and thus compromise the CFADMIN, or the IO > subsystem. > > > > Yes you can disable CreateObject() but this does cripple a lot of the > > CFMx fucntionality, and people especially do want it for CFC's. > > > > I think one of my ex-employers would probably be proud my security > > paranoia these days :-) > > > > Russ > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Robertson-Ravo, Neil (RX) > > Sent: 06 September 2005 15:23 > > To: Coldfusion Development > > Subject: RE: [CF-Dev] CFFile Folder creation > > > > >- see footer for list info -< > > CreateObject *is* a CF Function. Surely if the sandbox prevents you > > calling a Function such as this you cant instantiate a Java object? I > > know there was a problem before where reflection would allow you to > > call java even if sandboxing prevented createobject(). > > > > AFAIK CF 7 you can prevent access to CFC, COM, Java, Webservice and > > CORBA based on "type" sandboxing. > > > > > > > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Snake > > Sent: 06 September 2005 15:18 > > To: 'Coldfusion Development' > > Subject: RE: [CF-Dev] CFFile Folder creation > > > > >- see footer for list info -< > > Sanboxes do not work on JAVA, CFX tags etc, they only work on CF tags > > and fucntions. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Robertson-Ravo, Neil (RX) > > Sent: 06 September 2005 14:47 > > To: Coldfusion Development > > Subject: RE: [CF-Dev] CFFile Folder creation > > > > >- see footer for list info -< > > Isn't this what Sandbox Security is for? > > > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Snake > > Sent: 06 September 2005 14:51 > > To: 'Coldfusion Development' > > Subject: RE: [CF-Dev] CFFile Folder creation > > > > >- see footer for list info -< > > Another scary thing about Createobject() and it's complete lack of > security. > > It's like having FSO access to the whole server. > > > > Russ > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Robertson-Ravo, Neil (RX) > > Sent: 06 September 2005 14:38 > > To: Coldfusion Development > > Subject: RE: [CF-Dev] CFFile Folder creation > > > > >- see footer for list info -< > > You can also use Java thus: > > > > createObject("java", "java.io.File").init(x).mkdirs(); > > > > Where x is the folder you want to create (full path) - if it doesn't > > exist it will create it, if it does exists, it will ignore the fact it > > exists and continue parsing. > > > > N > > > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Stephen > > Moretti > > Sent: 06 September 2005 14:35 > > To: Coldfusion Development > > Subject: Re: [CF-Dev] CFFile Folder creation > > > > >- see footer for list info -< > > RichL wrote: > > > > >>- see footer for list info -< > > >> > > >> > > >Hello > > > i am trying to do a CFFile copy of an Access DB for bkup before > > >doing an update. > > > For the destination i was using a path which creates a new folder > > >but CF > > is > > >complaining that it doesn't it exist. > > > My expectation was that CF would create the new directory but > > >obviously not... is there any way that i can do this? > > > > > > > > > > > <cfdirectory action="create" directory="mydirectoryname"> ;) > > > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, go > > to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > > > >- Hosting provided by www.cfmxhosting.co.uk -< > > >- Forum provided by www.fusetalk.com -< > > >- DHTML Menus provided by www.APYCOM.com -< > > >- Lists hosted by www.Gradwell.com -< > > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > > >help -< > > This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, > > Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed > > Business, Registered in England, Number 678540. It contains > > information which is confidential and may also be privileged. It is > > for the exclusive use of the intended recipient(s). If you are not > > the intended recipient(s) please note that any form of distribution, > > copying or use of this communication or the information in it is > > strictly prohibited and may be unlawful. If you have received this > > communication in error please return it to the sender or call our > > switchboard on +44 (0) 20 89107910. The opinions expressed within this > communication are not necessarily those expressed by Reed Exhibitions. > > Visit our website at http://www.reedexpo.com > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, go > > to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > > > >- Hosting provided by www.cfmxhosting.co.uk -< > > >- Forum provided by www.fusetalk.com -< > > >- DHTML Menus provided by www.APYCOM.com -< > > >- Lists hosted by www.Gradwell.com -< > > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > > >help -< > > > > > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, go > > to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > > > >- Hosting provided by www.cfmxhosting.co.uk -< > > >- Forum provided by www.fusetalk.com -< > > >- DHTML Menus provided by www.APYCOM.com -< > > >- Lists hosted by www.Gradwell.com -< > > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > > >help -< > > This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, > > Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed > > Business, Registered in England, Number 678540. It contains > > information which is confidential and may also be privileged. It is > > for the exclusive use of the intended recipient(s). If you are not > > the intended recipient(s) please note that any form of distribution, > > copying or use of this communication or the information in it is > > strictly prohibited and may be unlawful. If you have received this > > communication in error please return it to the sender or call our > > switchboard on +44 (0) 20 89107910. The opinions expressed within this > communication are not necessarily those expressed by Reed Exhibitions. > > Visit our website at http://www.reedexpo.com > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, go > > to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > > > >- Hosting provided by www.cfmxhosting.co.uk -< > > >- Forum provided by www.fusetalk.com -< > > >- DHTML Menus provided by www.APYCOM.com -< > > >- Lists hosted by www.Gradwell.com -< > > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > > >help -< > > > > > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, go > > to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > > > >- Hosting provided by www.cfmxhosting.co.uk -< > > >- Forum provided by www.fusetalk.com -< > > >- DHTML Menus provided by www.APYCOM.com -< > > >- Lists hosted by www.Gradwell.com -< > > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > > >help -< > > This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, > > Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed > > Business, Registered in England, Number 678540. It contains > > information which is confidential and may also be privileged. It is > > for the exclusive use of the intended recipient(s). If you are not > > the intended recipient(s) please note that any form of distribution, > > copying or use of this communication or the information in it is > > strictly prohibited and may be unlawful. If you have received this > > communication in error please return it to the sender or call our > > switchboard on +44 (0) 20 89107910. The opinions expressed within this > communication are not necessarily those expressed by Reed Exhibitions. > > Visit our website at http://www.reedexpo.com > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, go > > to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > > > >- Hosting provided by www.cfmxhosting.co.uk -< > > >- Forum provided by www.fusetalk.com -< > > >- DHTML Menus provided by www.APYCOM.com -< > > >- Lists hosted by www.Gradwell.com -< > > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > > >help -< > > > > > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, go > > to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > > > >- Hosting provided by www.cfmxhosting.co.uk -< > > >- Forum provided by www.fusetalk.com -< > > >- DHTML Menus provided by www.APYCOM.com -< > > >- Lists hosted by www.Gradwell.com -< > > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > > >help -< > > This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, > > Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed > > Business, Registered in England, Number 678540. It contains > > information which is confidential and may also be privileged. It is > > for the exclusive use of the intended recipient(s). If you are not > > the intended recipient(s) please note that any form of distribution, > > copying or use of this communication or the information in it is > > strictly prohibited and may be unlawful. If you have received this > > communication in error please return it to the sender or call our > > switchboard on +44 (0) 20 89107910. The opinions expressed within this > communication are not necessarily those expressed by Reed Exhibitions. > > Visit our website at http://www.reedexpo.com > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, go > > to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > CFDeveloper Sponsors:- > > >- Hosting provided by www.cfmxhosting.co.uk -< > > >- Forum provided by www.fusetalk.com -< > > >- DHTML Menus provided by www.APYCOM.com -< > > >- Lists hosted by www.Gradwell.com -< > > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > > >help -< > > > > > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, go > > to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > CFDeveloper Sponsors:- > > >- Hosting provided by www.cfmxhosting.co.uk -< > > >- Forum provided by www.fusetalk.com -< > > >- DHTML Menus provided by www.APYCOM.com -< > > >- Lists hosted by www.Gradwell.com -< > > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > > >help -< > > > > > -- > [EMAIL PROTECTED] > www.creative-restraint.co.uk > www.scottishcfug.com > _______________________________________________ > > For details on ALL mailing lists and for joining or leaving lists, go to > http://list.cfdeveloper.co.uk/mailman/listinfo > > -- > CFDeveloper Sponsors:- > >- Hosting provided by www.cfmxhosting.co.uk -< > >- Forum provided by www.fusetalk.com -< > >- DHTML Menus provided by www.APYCOM.com -< > >- Lists hosted by www.Gradwell.com -< > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help > >-< > > > _______________________________________________ > > For details on ALL mailing lists and for joining or leaving lists, go to > http://list.cfdeveloper.co.uk/mailman/listinfo > > -- > CFDeveloper Sponsors:- > >- Hosting provided by www.cfmxhosting.co.uk -< > >- Forum provided by www.fusetalk.com -< > >- DHTML Menus provided by www.APYCOM.com -< > >- Lists hosted by www.Gradwell.com -< > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -< > -- [EMAIL PROTECTED] www.creative-restraint.co.uk www.scottishcfug.com _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- Hosting provided by www.cfmxhosting.co.uk -< >- Forum provided by www.fusetalk.com -< >- DHTML Menus provided by www.APYCOM.com -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
