This was a very odd problem I had on a clients site this week. Whenever he used the <CFAjaxProxy> tag on a page, the page simply stopped rendering at the point where the tag appeared. No error appeared on the page or in the ColdFusion logs.

The reason no error occurred turned out to be caused by the application.cfc, he has an OnError function that was doing a cfabort.

<cffunction name="onError" returnType="void" output="false">
        <cfargument name="exception" required="true" />
        <cfargument name="eventname" type="string" required="true" />
        <!--- <cfdump var="#ARGUMENTS#" /> --->
        <cfabort />
</cffunction>

Once I got rid of this problem, the following error appeared.

Security: The requested template has been denied access to C:\ColdFusion8\wwwroot\WEB-INF\cfclasses\cfcheckUsername2ecfc1070071758.class.
The following is the internal exception message: access denied (java.io.FilePermission C:\ColdFusion8\wwwroot\WEB-INF\cfclasses\cfcheckUsername2ecfc1070071758.class write)

So yet another path that needs to be added to the sandbox for every site in order for Ajax to work. Really there is no reason why this should be so as the classes should be created by CF internally and no special permissions should be required by the application.

The number of paths now required in each sandbox for CF8 in order for all tags and functions to work correctly is ridiculous. I have enlightened Adobe how things should work in shared hosting environments and all the paths that do not get inherited by sandboxes when applied at a root level, so here's hoping that CF9 will finally be shared hosting friendly.

I recently had the following error reported by a cfdeveloper member since upgrading to ColdFusion 8.

Security: The requested template has been denied access to
C:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\cfmessage_en_GB_.js.
The following is the internal exception message: access denied
(java.io.FilePermission
C:\Inetpub\wwwroot\CFIDE\scripts\ajax\messages\cfmessage_en_GB_.js read)

ColdFusion cannot determine the line of the template that caused this error.
This is often caused by an error in the exception handling subsystem.

Now the security error is partly to be expected as I use security sandboxes and this path is thus not allowed by default, but the unexpected thing is the path it is trying to use in the first place.

Now like any good host should, I do not use the default CFIDE folder as I do not want every web site to have access to the ColdFusion Administrator, so the path to my CFIDE folder is actually D:\wwwroot\CFIDE and this is where the virtual directory points to for each web site. As you can see ColdFusion 8 completely ignores this fact and is using the default C:\Inetpub\wwwroot\CFIDE instead, which seems like a bug to me.

So if you are running in a sandboxed or shared hosting environment then you need to consider this fact and will need to add the above path to your default sandbox or ask your host to do so.