1 Reply Latest reply on Dec 16, 2013 8:30 AM by Steve Sommers

    Secure CFIDE directory & functionality to use cfdocument, cfpdf

    weezerboy Level 1

      Looking for your advice on the best way to create a secure CFIDE directory that will allow me to have full functionality to use cfdocument, cfpdf etc...


      My understanding is that certain folders within that need  to web accessible for cfchart,cfform,cfdocument to work, is that correct?


      We have had security issues and my hosting company has denied users access to the cfide directory and now I am getting erros when I try and merge PDF docs ...I am sure there are others I havent found yet too.


      An error occurred during MERGE operation in the cfpdf tag.


      Error: Access is denied


      1. java.io.IOException: Access is denied

              at java.io.WinNTFileSystem.createFileExclusively(Native Method)

              at java.io.File.checkAndCreate(File.java:1704)

              at java.io.File.createTempFile(File.java:1792)

              at coldfusion.pdf.PDFDocHandler.writeDocument(PDFDocHandler.java:900)

              at coldfusion.pdf.PDFDocHandler.writeDocument(PDFDocHandler.java:866)

              at coldfusion.pdf.PDFDocHandler.writeDocument(PDFDocHandler.java:847)

              at coldfusion.pdf.PDFDocOperation.merge(PDFDocOperation.java:524)

              at coldfusion.tagext.lang.PDFTag.doEndTag(PDFTag.java:1534)




      Anyway what is Adobe's official solution to this issue?


      Either I leave the CFIDE unsecured and the cfdocument, cfpdf ...work




      I lock down the CFIDE directory and lose the functionality for creating PDFS and other things.



      Any ideas?

        • 1. Re: Secure CFIDE directory & functionality to use cfdocument, cfpdf
          Steve Sommers Level 4

          There are several threads on securing the CFIDE. The best I have found involves to steps: 1) Keep up to date with the latest CF patches. 2) Break the current CFIDE virtual directory, replace it with one that points to an empty directory, then create a "scripts" one under that that points back to the original cfide/scripts directory. Most of the vulnerabilities revolve around other CFIDE modules not within the scripts branch and this will prevent probably 99% of them. Someday maybe Adobe will incorporate this into the standard distribution, but I'm not holding my breath.