I've given read and execute - I haven't tried with execute only but I will and I'll report the results.
While it's quite possible to escalate privilege as you say, it's also possible we'd catch people doing this with our regular automated server checks - and I can find out where they live :-) It's one of the things we have to live with if we want to provide decent Java integration features. mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ 2009/1/21 Jochem van Dieten <joch...@gmail.com>: > On Tue, Jan 20, 2009 at 8:00 AM, James Holmes wrote: >> We have sandboxing turned on; while just about everything works as you >> would expect without it, it appears that for some functionality >> (including cffeed) the path to [coldfusion >> instance]/WEB-INF/cfusion/lib needs to be added to the sandbox. > > That is a bug that was most likely introduced in APSB08-21: > http://www.adobe.com/support/security/bulletins/apsb08-21.html > > What permissions did you give exactly? Was execute enough? All other > permissions are potentially dangerous for the server integrity. > Although since you allow Java in your Sandboxes anybody can escalate > his own privileges anyway. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:318270 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
