cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

Secure CFIDE directory & functionality to use cfdocument, cfpdf

weezerboy
Participant ,
Dec 16, 2013 Dec 16, 2013

Copy link to clipboard

Copied

Looking for your advice on the best way to create a secure CFIDE directory that will allow me to have full functionality to use cfdocument, cfpdf etc...

My understanding is that certain folders within that need  to web accessible for cfchart,cfform,cfdocument to work, is that correct?

We have had security issues and my hosting company has denied users access to the cfide directory and now I am getting erros when I try and merge PDF docs ...I am sure there are others I havent found yet too.

An error occurred during MERGE operation in the cfpdf tag.

Error: Access is denied

  1. java.io.IOException: Access is denied

        at java.io.WinNTFileSystem.createFileExclusively(Native Method)

        at java.io.File.checkAndCreate(File.java:1704)

        at java.io.File.createTempFile(File.java:1792)

        at coldfusion.pdf.PDFDocHandler.writeDocument(PDFDocHandler.java:900)

        at coldfusion.pdf.PDFDocHandler.writeDocument(PDFDocHandler.java:866)

        at coldfusion.pdf.PDFDocHandler.writeDocument(PDFDocHandler.java:847)

        at coldfusion.pdf.PDFDocOperation.merge(PDFDocOperation.java:524)

        at coldfusion.tagext.lang.PDFTag.doEndTag(PDFTag.java:1534)

Etc...............

Anyway what is Adobe's official solution to this issue?

Either I leave the CFIDE unsecured and the cfdocument, cfpdf ...work

OR

I lock down the CFIDE directory and lose the functionality for creating PDFS and other things.

Any ideas?

Views

1.3K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 1 Reply 1
latest latest Jump to latest reply
Steve Sommers
Advocate ,
Dec 16, 2013 Dec 16, 2013

Copy link to clipboard

Copied

LATEST

There are several threads on securing the CFIDE. The best I have found involves to steps: 1) Keep up to date with the latest CF patches. 2) Break the current CFIDE virtual directory, replace it with one that points to an empty directory, then create a "scripts" one under that that points back to the original cfide/scripts directory. Most of the vulnerabilities revolve around other CFIDE modules not within the scripts branch and this will prevent probably 99% of them. Someday maybe Adobe will incorporate this into the standard distribution, but I'm not holding my breath.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices