Charlie & John, Thank you for the suggestions. This is the first time I have encountered CFExecute and had not encountered this issue before. Charlie, to answer your questions, the secure profile has been turned on and we have the most recent version of the installer, update 3). The error we were receiving wasn't from CFExecute, but rather the BAT file was failing when it was executed, which lead me to believe that it was issues with security permissions.
We have decided to go with John's option of executing the bat files through a database cron job for security reasons. Charlie, I re-read your article on on reducing security risks on ColdFusion servers <http://www.carehart.org/blog/client/index.cfm/2013/1/2/Part2_serious_security_threat> and was able to share it with my management team. Thanks guys! Cheers, Bettina On Mon, Feb 2, 2015 at 11:10 AM, Charlie Arehart <char...@carehart.org> wrote: > Bettina, in addition to John’s wise words, I have a couple of thoughts to > the specific concern of something that “worked in 9 and not in 11”. Not > clear if they will be clear solutions to your problem. > > First, to be clear, there’s no change in cfexcute itself in CF11 (or 10), > that I know of. So it should work, for those taking the risk of running it. > (That said, I’d be more concerned if it worked with some incoming URL > string than if the command-line it executes is hard-coded. To John’s > concern, one thing some do is put it in a folder where they implement a > sandbox, to control which templates can execute that tag—and what > directories that code is allowed to access. As a tip, note that while in > CF10 and earlier required Enterprise to use this sort of > application-specific Sandbox security, CF11 dropped that and it’s now > allowed for Standard as well.) > > Second, and somewhat related, but not clear if it will affect the > cfexecute inherently, I would be willing to bet that whoever installed CF11 > chose the option (offered during installation) to enable the “secure > profile”. That locks CF down in various ways that were not so in CF9. Check > the CF admin page, Security section, Secure Profile page. You’ll likely see > it’s checked at the top (indicating it was turned on), and below that > you’ll see the nearly couple dozen settings changed by that. (It does NOT > turn on the sandbox security feaure by default.) You could try turning off > one of those, or turning off the entire “secure profile” page setting > (that, and this page, are new features of CF11 over 10, which only let you > decide during install whether to enable it or not, and only showed in the > docs what was affected). You may find you’d need to restart CF for some of > those changes to take effect, if you wanted to test your code after that. > > Third, what update level are you on? If you go to the “settings summary” > page (in the first section of the CF admin), or the last “server updates” > page, it will show (there have been 3 for CF 11, and 4 Is in prerelease). > If you applied any of those manually, it could be that one or more may have > had a partial failure. You can look in the logs in hf-updates (in the CF11 > directory for each instance, or the cfusion If you have only one) where > there are 2 logs. One tracks what was done and how it did. That said, if > this was done with a CF11 installer that you downloaded in recent weeks, > that came with update 3 already installed. If you are on update 3 but see > no hf-11-00003 folder in your hf-updates folder, then that’s one clue that > this was the latest installer. > > Finally, what’s the nature of the error? If you look in the > application.log or ColdFusion-out or ColdFusion-error log files, do they > say anything specifically? > > Let us know if any of that helps. > > > > /charlie > > > > *From:* ad...@acfug.org [mailto:ad...@acfug.org] *On Behalf Of *Bettina > M. Scurlock > *Sent:* Monday, February 02, 2015 10:39 AM > *To:* discussion@acfug.org > *Subject:* [ACFUG Discuss] Running CFExecute in ColdFusion 11 > > > > Goon Morning All, > > > > We recently upgrade one of our servers from CF9 to CF11 last month. The > only issue we encountered is trying to get the CFExecute tag to execute BAT > files. > > Thoughts? > > > > Thank you in advance for your help! > > > > Cheers, > > Bettina >
