Wednesday, June 26, 2013

ColdFusion Java Component Access and SandBox Security

copied from:
When developing on a local ColdFusion server, most developers accept the default Coldfusion Administrator settings that are set by the ColdFusion installer. This is fine for development servers, but it can cause some problems when moving a ColdFusion application into production in a shared hosting enviroment. To ensure your code runs well when you move it to our servers, we recommend you make the following adjustments within your local ColdFusion Administrator:

First, on the Settings page make sure you enable the setting that says: "Disable access to internal ColdFusion Java components" (pictured below)

Second, under the Security Tab click the Sandbox Security link then click the box to "Enable ColdFusion Security". (pictured below)

Once Sandbox Security is enabled, you'll need to create a sandbox for your local site. To do this, add the full path to your site below where it says "Add Security Sandbox", then click "Add". For example if you are using the default site location for IIS, you would use 'C:\inetpub\wwwroot' as shown below:

The last thing to do is add the correct paths and permissions. By default, ColdFusion will add the path to your site, but you'll also want to make sure the following paths/permissions are added too (permissions are listed in parentheses next to path): 

  • C:\ColdFusion9\cache\- (Read,Write,Delete)
  • C:\WINDOWS\Fonts\- (Read)
  • C:\ColdFusion9\wwwroot\WEB-INF\cfclasses\- (Read,Write)
  • C:\ColdFusion9\wwwroot\WEB-INF\cftags\interface.cfc (Read)
  • C:\ColdFusion9\tmpCache (Read)
  • C:\ColdFusion9\tmpCache\- (Read,Write,Delete)
  • C:\ColdFusion9\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\- (Read,Write,Delete)
  • C:\ColdFusion9\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp (Read)
  • C:\ColdFusion9\tmpCache\CFFileServlet\_cf_image\- (Read,Write,Delete)
  • C:\Users\USERNAME\AppData\Local\Temp\- (Read,Write,Delete)*

Please note, this assumes you're using a recent version of Windows (Vista or newer), and that ColdFusion is installed to 'C:\ColdFusion9'. If on an earlier version of Windows, the only thing you'll do differently is replace 'C:\Users\USERNAME\AppData\Local\Temp\-'* above with this path: 'C:\DOCUME~1\USERNAME\LOCALS~1\Temp\-'*

*Replace USERNAME with the actual name of your ColdFusion runtime user.


  1. Bluehost is ultimately one of the best website hosting provider with plans for any hosting needs.

  2. WP-Land - $5 A month WordPress web hosting.