bwpaint

asked on

Coldfusion 8 Security for CFFile and CFDirectory

I have run into a security issue with CF8...this is my server, not a site on a 3rd party host.

I have an e-commerce package, CFWebstore. Within the web store admin is a product import function to import an existing csv file. What is happening is that once I do this I get an error that says CFFile and CFDirectory has been disabled within CFAdmin. This is a CFWebstore response. I have contacted the company that writes this e-commerce application and they said it is on my end within the CF security settings.

I have turned off all security settings (sandbox security), completely and still have this problem.

So my question is: Does anyone know of any additional security settings in CF8 (8.01) that may keep me from temporarily using CFFILE or CFDirectory tags? I have looked everywhere in the CFAdmin and cannot find any additional security settings other than under the security tab and under sandbox security.

As always, any input or suggestions are greatly appreciated.

g
azadisaryev

sandbox security is the only place you can restrict the use of cffile and cfdirectory tags, iirc.
did you restart your server after disabling sandbox security?

Azadi
bwpaint

ASKER

Yes I restarted the service

azadisaryev

do you have a single server or multi-home cf installed? did you change sandbox security settings for the correct instance(s) of cf?

Azadi
bwpaint

ASKER

this is a single server, enterprise edition....yes and I completely turned off all sandbox security briefly and restarted the server...this server only has two sites on it at this time. I also reset the sandbox security for both sites again...still same issue with or without any or all sandbox security running.

azadisaryev

i do not use cfwebstore, but maybe it shows that error even when it is not a sandbox security setting, but a general directory permissions setting in your OS?
are you trying to access a file/directory on a network drive? does the user cf is running as have proper access permissions to this file/directory?

Azadi
bwpaint

ASKER

I have in the sandbox security set to all permissions...in the store I have removed some code cftry/cfcatch to see the full error and it appears to be a mimetype issue.

I am getting this error and have added this mimetype to the IIS server

The MIME type of the uploaded file application/octet-stream was not accepted by the server. <br>Only files of type text/csv,application/vnd.ms-excel can be uploaded. <br>Verify that you are uploading a file of the appropriate type. <br>The error occurred on line 60.  
GeneratedContent  
HTTPReferer http://bernardo.webwize.com/index.cfm?fuseaction=product.admin&do=import 
Mailto orders@yoursite.com  
Message The MIME type of the uploaded file application/octet-stream was not accepted by the server.  
ASKER CERTIFIED SOLUTION
azadisaryev