OK I have done a complete rewrite of how it works now. All saved code is now executed in a totally difference instance than the site itself, so uploaded code no longer has any access to the site files, so that avoids all the permissions issues, and that instance is not remotely accessible either. plus also has greater Railo access restrictions as well. I have disabled file access for now as it probably isn't needed in an app like this anyway, but it is probably safe to enable considering no files can be read or written outside the webroot of the instance and as the instance is not web accessible, there is no way for anyone to make any use of any dodgy files they create.
Feel free to hack away and let me know if you find any problems or other potential security issues. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355791 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm