CFAjaxProxy Security errors

This was a very odd problem I had on a client's site this week. Whenever he used the <CFAjaxProxy> tag on a page, the page simply stopped rendering at the point where the tag appeared. No error appeared on the page or in the ColdFusion logs.

The reason no error appeared turned out to be the Application.cfc: he has an onError function that was doing a cfabort.

<cffunction name="onError" returnType="void" output="false">
    <cfargument name="exception" required="true" />
    <cfargument name="eventname" type="string" required="true" />
    <!--- <cfdump var="#ARGUMENTS#" /> --->
    <cfabort />
</cffunction>

Once I got rid of this problem, the following error appeared.

Security: The requested template has been denied access to C:\ColdFusion8\wwwroot\WEB-INF\cfclasses\cfcheckUsername2ecfc1070071758.class.
The following is the internal exception message: access denied (java.io.FilePermission C:\ColdFusion8\wwwroot\WEB-INF\cfclasses\cfcheckUsername2ecfc1070071758.class write)

So yet another path that needs to be added to the sandbox for every site in order for Ajax to work. Really, there is no reason why this should be so, as the classes should be created by CF internally and no special permissions should be required by the application.

The number of paths now required in each sandbox for CF8 in order for all tags and functions to work correctly is ridiculous. I have enlightened Adobe on how things should work in shared hosting environments and on all the paths that do not get inherited by sandboxes when applied at a root level, so here's hoping that CF9 will finally be shared hosting friendly.

Comments
Do you have a current list of sandbox directories that need to be allowed? I have been using the same set for years but it seems that due to some new features more need to be allowed. Thanks, Snake.
# Posted By Joe Rebis | 15/06/09 18:01
Here is what I am using currently.

Secured Files and Directories

File Path                                                                  Permissions
c:\windows\fonts\                                                          Read
c:\windows\fonts\-                                                         Read
C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\     Read,Write
C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\-    Read,Write
C:\ColdFusion8\tmpCache\                                                   Read,Write
C:\ColdFusion8\tmpCache\-                                                  Read,Write,Execute,Delete
C:\ColdFusion8\tmpCache\CFFileServlet\_cf_image\                           Read,Write,Execute,Delete
C:\ColdFusion8\tmpCache\CFFileServlet\_cf_image\-                          Read,Write,Execute,Delete
t:\temp\                                                                   Read,Write,Delete
c:\inetpub\wwwroot\CFIDE\                                                  Read
c:\inetpub\wwwroot\CFIDE\-                                                 Read
t:\temp\-                                                                  Read,Write
c:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\                            Read
c:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\-                           Read
C:\ColdFusion8\wwwroot\WEB-INF\cfclasses\                                  Read,Write,Execute
C:\ColdFusion8\wwwroot\WEB-INF\cfclasses\-                                 Read,Write,Execute
c:\ColdFusion8\wwwroot\WEB-INF\cftags\                                     Read,Execute
c:\ColdFusion8\wwwroot\WEB-INF\cftags\-                                    Read,Execute
# Posted By Russ | 16/06/09 14:46
Russ, thanks for the updated list.

Quick question... I noticed the Read ability on the c:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\ but is that redundant with c:\inetpub\wwwroot\CFIDE\ ?

Also, have you had a tough time nesting these rules? E.g. with c:\domains\- Read Write Execute Delete and c:\domains\mytest\ Read Only, I can still delete the mytest directory. Never tried before so I don't know if it's a CF8 thing or not.
# Posted By Joe Rebis | 17/06/09 03:52
Hi Joe,

Yes, I expect it is redundant. Although I do not think allowing c:\inetpub\cfide is a good idea, it was required for something, even if that is not the path you are using for vDIR. I think it is ajax related again.
You don't have to worry about nested paths unless you implicitly want to disallow something further down the tree. You simply disallow c:\domains by default, then allow c:\domains\mydomain.com in each site's sandbox.
# Posted By Russ | 18/06/09 14:21
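
The path rules discussed in the post and comments, as an added example that is not part of the original post or its comments: a simplified Python model of how java.io.FilePermission (the class named in the error message) matches sandbox entries, showing that `dir\` covers only the directory itself, `dir\-` covers everything below it, and that entries only ever add access. Case-insensitive path comparison and the `othersite.com` path are assumptions of this sketch.

```python
# Simplified model of java.io.FilePermission path matching for sandbox entries.
# A sketch for reasoning about grants; not ColdFusion's or Java's own code.
from pathlib import PureWindowsPath  # case-insensitive comparison (assumption)


def entry_matches(entry, target):
    """True if one sandbox path entry covers the target path."""
    tgt = PureWindowsPath(target)
    if entry.endswith("\\-"):   # dir\- : everything below dir, recursively, not dir itself
        return PureWindowsPath(entry[:-2]) in tgt.parents
    if entry.endswith("\\*"):   # dir\* : direct children of dir only
        return PureWindowsPath(entry[:-2]) == tgt.parent
    return PureWindowsPath(entry) == tgt   # plain path: that file or directory itself


def allowed(grants, target, action):
    """Entries are additive: any single matching entry with the action allows it."""
    return any(action in actions and entry_matches(entry, target)
               for entry, actions in grants)


CFCLASSES = "C:\\ColdFusion8\\wwwroot\\WEB-INF\\cfclasses"
DENIED = CFCLASSES + "\\cfcheckUsername2ecfc1070071758.class"  # path from the error message
RWX = {"read", "write", "execute"}

# Sandbox without, then with, the two cfclasses entries from the list in the comments.
BEFORE = [("c:\\windows\\fonts\\-", {"read"})]
AFTER = BEFORE + [(CFCLASSES + "\\", RWX), (CFCLASSES + "\\-", RWX)]

# The nesting question from the comments: a broad grant plus a narrower read-only entry.
NESTED = [("c:\\domains\\-", RWX | {"delete"}),
          ("c:\\domains\\mytest\\", {"read"})]

# Per-site allow-listing as described in the last reply.
PER_SITE = [("c:\\domains\\mydomain.com\\", {"read"}),
            ("c:\\domains\\mydomain.com\\-", RWX | {"delete"})]
OTHER_SITE_FILE = "c:\\domains\\othersite.com\\index.cfm"  # constructed path

if __name__ == "__main__":
    print("write to class file, before:", allowed(BEFORE, DENIED, "write"))
    print("write to class file, after: ", allowed(AFTER, DENIED, "write"))
    print("delete mytest despite read-only entry:",
          allowed(NESTED, "c:\\domains\\mytest", "delete"))
    print("other site's file readable:", allowed(PER_SITE, OTHER_SITE_FILE, "read"))
```

Because a narrower entry cannot subtract from a broader one in this model, isolation between sites comes from never granting the shared parent directory in the first place.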