Re: Web Services and file permissions - access.denied
> > Thanks for the reply. Yes I'm running dev edition of CF on my local > machine - which is where I'm having NO trouble getting > > things to work. I have trouble when the calling cfm is on Hostek > and the cfc (web service) is on a standard copy of CF 9 at > > home. Any other thoughts? > > Have you verified that the server at Hostek can access your server at > home? > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > http://training.figleaf.com/ > > Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on > GSA Schedule, and provides the highest caliber vendor-authorized > instruction at our training centers, online, or onsite. UPDATE: Moments after I replied to your suggestion, Hostek responded to my ticket and indicated that they had updated the permissions on my security sandbox and everything works fine! Augh - 24 hours of pulling my hair out and it was that simple. Case closed. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351939 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Web Services and file permissions - access.denied
> > Thanks for the reply. Yes I'm running dev edition of CF on my local > machine - which is where I'm having NO trouble getting > > things to work. I have trouble when the calling cfm is on Hostek > and the cfc (web service) is on a standard copy of CF 9 at > > home. Any other thoughts? > > Have you verified that the server at Hostek can access your server at > home? > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > http://training.figleaf.com/ > > Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on > GSA Schedule, and provides the highest caliber vendor-authorized > instruction at our training centers, online, or onsite. Dave, Thanks Dave. Appreciate you troubleshooting this one with me. Say more. Are you thinking that Hostek blocks the consumption of web services? as for access to the home setup, it hosts my personal site (casadiablo.homeip.net) which I can reach just fine from anywhere. Which is only to say that I don't think it's an "incoming" firewall issue on the home side. I do have a ticket into Hostek just to see if there is something there. How would you suggest I personally test the ability for Hostek to reach into the home server? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351938 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Web Services and file permissions - access.denied
> Thanks for the reply. Yes I'm running dev edition of CF on my local machine > - which is where I'm having NO trouble getting > things to work. I have trouble when the calling cfm is on Hostek and the cfc > (web service) is on a standard copy of CF 9 at > home. Any other thoughts? Have you verified that the server at Hostek can access your server at home? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351937 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Web Services and file permissions - access.denied
>I am presuming you are running dev edition of cf on your local machine, >which has IP restrictions which is probably the cause. > >Regards >Russ Michaels >On Jul 22, 2012 3:23 AM, "Les Schmidt" wrote: > >> Russ, Thanks for the reply. Yes I'm running dev edition of CF on my local machine - which is where I'm having NO trouble getting things to work. I have trouble when the calling cfm is on Hostek and the cfc (web service) is on a standard copy of CF 9 at home. Any other thoughts? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351936 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Web Services and file permissions - access.denied
I am presuming you are running dev edition of cf on your local machine,
which has IP restrictions which is probably the cause.
Regards
Russ Michaels
On Jul 22, 2012 3:23 AM, "Les Schmidt" wrote:
>
> I am attempting to access a Coldfusion 9 webservice that I created on one
> system (over which I have total control) by consuming it on another system
> which is hosted. The pair works fine when both requesting page and the
> webservice are resident on my development server (in separate projects in
> CF Builder), but generate the following error when in their respective
> production environments:
>
> Error Occurred While Processing Request
>
> Cannot generate stub objects for web service invocation.
>
> Name: http://casadiablo.homeip.net/WebServices/WebSvcs.cfc?wsdl. WSDL:
> http://casadiablo.homeip.net/WebServices/WebSvcs.cfc?wsdl.
> java.security.AccessControlException: access denied
> ("java.io.FilePermission" "C:/Program
> Files/Java/jdk1.7.0_04/jre/lib/wsdl.properties" "read") It is recommended
> that you use a web browser to retrieve and examine the requested WSDL
> document to ensure it is correct. If the requested WSDL document cannot be
> retrieved or is dynamically generated, it is likely that the target web
> service has programming errors.
>
>
>
> The error occurred in D:/home/casadiablo.net/wwwroot/indexCDNet.cfm: line
> 10
>
> Called from "java.io.FilePermission" "C: line -1
>
> Called from "java.io.FilePermission" "C: line -1
>
> Called from D:/home/casadiablo.net/wwwroot/indexCDNet.cfm: line 10
>
> ---
>
> Note: the wsdl renders just fine in a browser, so it's not a "can't find
> it" or location issue. I'm no expert in reading wsdl files, though, so the
> displayed wsdl file could be rendering some clues if I knew what to look
> for.
>
> For context:
> When I go from my development environment to production, the consuming
> page is on casadiablo.net/indexCDnet.cfm (hosted by Hostek). The
> webservice is on a PC in my home that has a dedicated IP address.
>
> I've tried all kinds of combinations of usernames and passwords that might
> be prohibiting file access and submitting these during invocation or
> registering them in the CF Administrator Web Services panel. All to no
> avail.
>
> I've searched all over for an "access denied" java error (related to CF
> web services) discussion and have found nothing. Any ideas as to how to
> troubleshoot where in this chain a java.io.FilePermission error might be
> triggered would be greatly appreciated!!
>
>
>
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351935
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Web Services and file permissions - access.denied
I am attempting to access a Coldfusion 9 webservice that I created on one
system (over which I have total control) by consuming it on another system
which is hosted. The pair works fine when both requesting page and the
webservice are resident on my development server (in separate projects in CF
Builder), but generate the following error when in their respective production
environments:
Error Occurred While Processing Request
Cannot generate stub objects for web service invocation.
Name: http://casadiablo.homeip.net/WebServices/WebSvcs.cfc?wsdl. WSDL:
http://casadiablo.homeip.net/WebServices/WebSvcs.cfc?wsdl.
java.security.AccessControlException: access denied ("java.io.FilePermission"
"C:/Program Files/Java/jdk1.7.0_04/jre/lib/wsdl.properties" "read") It is
recommended that you use a web browser to retrieve and examine the requested
WSDL document to ensure it is correct. If the requested WSDL document cannot be
retrieved or is dynamically generated, it is likely that the target web service
has programming errors.
The error occurred in D:/home/casadiablo.net/wwwroot/indexCDNet.cfm: line 10
Called from "java.io.FilePermission" "C: line -1
Called from "java.io.FilePermission" "C: line -1
Called from D:/home/casadiablo.net/wwwroot/indexCDNet.cfm: line 10
---
Note: the wsdl renders just fine in a browser, so it's not a "can't find it" or
location issue. I'm no expert in reading wsdl files, though, so the displayed
wsdl file could be rendering some clues if I knew what to look for.
For context:
When I go from my development environment to production, the consuming page is
on casadiablo.net/indexCDnet.cfm (hosted by Hostek). The webservice is on a PC
in my home that has a dedicated IP address.
I've tried all kinds of combinations of usernames and passwords that might be
prohibiting file access and submitting these during invocation or registering
them in the CF Administrator Web Services panel. All to no avail.
I've searched all over for an "access denied" java error (related to CF web
services) discussion and have found nothing. Any ideas as to how to
troubleshoot where in this chain a java.io.FilePermission error might be
triggered would be greatly appreciated!!
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351934
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: file permissions
> should i understand the cfcontent tag? Yes. CFCONTENT lets you use CF to serve non-CF files. If you put files in the web server's directories, and serve them directly, you can't easily control access to those files from within your CF application. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321716 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: file permissions
thanks dave, it was actually based on your comments in another post that got me thinking about this it was in a post to do with hacking and you said that the person should look through the site and set permissions on any file that writes to the file system. i also want to make sure that if someone cannot access a folder that has sensitive files but want to make sure our coldfusion application will still be able to acces that folder should i understand the cfcontent tag? > > i saw someone discussing the need for file permissions on files that > write to the file > > system, but do not understand this subject well enough to know what > to do > > > > we have a lot of files in one of our applications that write xml and > MS Excel spreadsheets > > and know that we need to set file permissions but dont understand > the following: > > > > 1) what permissions do we need to set on these > > 2) do we need to set a password on these files > > 3) if so will the application still run, or do we need to set > something up that will allow the > > system to access them > > Without knowing what you're trying to accomplish, it's difficult to > answer this question. > > > we also have some folders that contain sensitive zip files etc... so > how can we set a > > password on these and how will the system interact with them if a > password is set on the > > folder? > > If you're using IIS, you can set permissions on files and folders, > and > browser users will then need to provide a valid set of credentials > that match those permissions. If you're using Apache, you could do > something similar with .htaccess files rather than permissions. If > you > want to handle permissions through CF rather than through your web > server, you'll need to serve the files using CFCONTENT rather than > letting people get them through the web server directly. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321666 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: file permissions
> i saw someone discussing the need for file permissions on files that write to > the file > system, but do not understand this subject well enough to know what to do > > we have a lot of files in one of our applications that write xml and MS Excel > spreadsheets > and know that we need to set file permissions but dont understand the > following: > > 1) what permissions do we need to set on these > 2) do we need to set a password on these files > 3) if so will the application still run, or do we need to set something up > that will allow the > system to access them Without knowing what you're trying to accomplish, it's difficult to answer this question. > we also have some folders that contain sensitive zip files etc... so how can > we set a > password on these and how will the system interact with them if a password is > set on the > folder? If you're using IIS, you can set permissions on files and folders, and browser users will then need to provide a valid set of credentials that match those permissions. If you're using Apache, you could do something similar with .htaccess files rather than permissions. If you want to handle permissions through CF rather than through your web server, you'll need to serve the files using CFCONTENT rather than letting people get them through the web server directly. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321663 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
file permissions
Hi i saw someone discussing the need for file permissions on files that write to the file system, but do not understand this subject well enough to know what to do we have a lot of files in one of our applications that write xml and MS Excel spreadsheets and know that we need to set file permissions but dont understand the following: 1) what permissions do we need to set on these 2) do we need to set a password on these files 3) if so will the application still run, or do we need to set something up that will allow the system to access them we also have some folders that contain sensitive zip files etc... so how can we set a password on these and how will the system interact with them if a password is set on the folder? basically we are confused about how all this works and would appreciate any guidance or tutorials that will help us understand thanks ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321654 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: FTP and file permissions
On 8/9/05, Jim Davis wrote: > You're not running the CF task via CFEXECUTE, you're running a DOS Batch > file which would use the Windows command line FTP program to do the actual > FTP work. > > You'd be taking CF out of the loop when it comes to FTP. CF would just be > launching the process and reaping the spoils but not doing any of the actual > work. Just like any good manager. ;^) Well, that worked like a champ. You have no idea how relieved I am to have a working process again. (We still have to verify overnight that the process actually works when the scheduler actually runs, but I don't see why it won't work). As afar has reaping the spoils without doing any actual work . . . that's why I'd make a horrible manager. I don't even think of such things. :) Thank you very much. Scott -- - Scott Brady http://www.scottbrady.net/ ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:214504 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: FTP and file permissions
On 8/9/05, Jim Davis wrote: > You're not running the CF task via CFEXECUTE, you're running a DOS Batch > file which would use the Windows command line FTP program to do the actual > FTP work. > > You'd be taking CF out of the loop when it comes to FTP. CF would just be > launching the process and reaping the spoils but not doing any of the actual > work. Just like any good manager. ;^) Interesting. We'd have to adjust the timing, of course, because CF would still need to process the ftp-ed file, but that might just work. I'll present that as an option for us to test. Thanks! Scott -- - Scott Brady http://www.scottbrady.net/ ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:214359 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: FTP and file permissions
> -Original Message- > From: Scott Brady [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 09, 2005 5:54 PM > To: CF-Talk > Subject: Re: FTP and file permissions > > On 8/9/05, Jim Davis wrote: > > If it's a windows machine you can easily create a command line batch > file to > > do the task and run it (via CFEXECUTE) using CF Schedule. If all else > fails > > this might be a good stopgap to get you up and running. > > I'm not exactly clear how that would fix the problem. If the > scheduled task isn't seeing every file, how would running that > scheduled task via cfexecute cause it to now see every file? You're not running the CF task via CFEXECUTE, you're running a DOS Batch file which would use the Windows command line FTP program to do the actual FTP work. You'd be taking CF out of the loop when it comes to FTP. CF would just be launching the process and reaping the spoils but not doing any of the actual work. Just like any good manager. ;^) Jim Davis ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:214272 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: FTP and file permissions
On 8/9/05, Jim Davis wrote: > Are you logging into the FTP server manually on the CF box? Because of IP restrictions on the FTP server, the only way to log in to the FTP site is via the CF box. So, the way I'm testing this is: 1) Run the scheduled task which ftps into the machine and do a dump of the directory listing. This dump doesn't display every file. 2) From the CF box, use command line FTP (using the exact same login info as CF uses) and do a directory listing. It displays every file. > If it's a windows machine you can easily create a command line batch file to > do the task and run it (via CFEXECUTE) using CF Schedule. If all else fails > this might be a good stopgap to get you up and running. I'm not exactly clear how that would fix the problem. If the scheduled task isn't seeing every file, how would running that scheduled task via cfexecute cause it to now see every file? > Creating a batch file might not be a bad idea in any case - at least it can > be used to test connectivity when CF is having problems. CF isn't having connectivity problems. It can connect to the server without any problem. It just can't see every file it's supposed to be seeing. Thanks for the suggestions, though. Scott -- - Scott Brady http://www.scottbrady.net/ ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:214268 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: FTP and file permissions
> -Original Message- > From: Scott Brady [mailto:[EMAIL PROTECTED] > Sent: Friday, August 05, 2005 10:36 AM > To: CF-Talk > Subject: Fwd: FTP and file permissions > > > Well, it's been a month and we are still having this problem. > > Has NO ONE ever heard of an instance where logging in to an ftp server > manually (with the same credentials) allows you to see files in a > directory but CFFTP won't? Are you logging into the FTP server manually on the CF box? (We've had similar problems were it turned out people were defending the infrastructure by saying "it works for me". What they meant was that it worked from their desktop - the CF Server was blocked from doing the same thing by a firewall rule.) If it's a windows machine you can easily create a command line batch file to do the task and run it (via CFEXECUTE) using CF Schedule. If all else fails this might be a good stopgap to get you up and running. Creating a batch file might not be a bad idea in any case - at least it can be used to test connectivity when CF is having problems. Jim Davis ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:214264 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: FTP and file permissions
On 8/9/05, Robertson-Ravo, Neil (RX) wrote: > And it may be down to what user ColdFusion is running under. > CF (which can't see those files) is connecting to the FTP server with the exact same login info as when I do it manually (which allows me to see those files). Basically, this has gone on so long, we're going to look into the client FTP-ing that file up to our server instead. Scott -- - Scott Brady http://www.scottbrady.net/ ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:214263 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: FTP and file permissions
And it may be down to what user ColdFusion is running under. "This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business, Registered in England, Number 678540. It contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you have received this communication in error please return it to the sender or call our switchboard on +44 (0) 20 89107910. The opinions expressed within this communication are not necessarily those expressed by Reed Exhibitions." Visit our website at http://www.reedexpo.com -Original Message- From: Dharmendar Kumar <[EMAIL PROTECTED]> To: CF-Talk Sent: Fri Aug 05 15:57:05 2005 Subject: RE: FTP and file permissions Try turning off/on passive mode. -Original Message- From: Scott Brady [mailto:[EMAIL PROTECTED] Sent: Friday, August 05, 2005 10:36 AM To: CF-Talk Subject: Fwd: FTP and file permissions Well, it's been a month and we are still having this problem. Has NO ONE ever heard of an instance where logging in to an ftp server manually (with the same credentials) allows you to see files in a directory but CFFTP won't? Scott -- Forwarded message -- From: Scott Brady <[EMAIL PROTECTED]> Date: Jul 1, 2005 1:19 PM Subject: FTP and file permissions To: cf-talk@houseoffusion.com This is a follow-up to my posts from yesterday. One of our clients pushes a daily data feed to their FTP server, which we log in to using a scheduled task in CF and download the file and process the data feed. Since we upgraded to CF7, it appears that CF's FTP connection can't "see" that file (neither a directory listing nor a "File Exists" can seee it). If I manually log into the FTP server (using the exact same username and password), I'm able to see the file. If I then copy the file to some other name, CF can now see the new file. If I delete the original and rename the copy back to the original's name, CF can now see the file under the original name. To me, this sounds like some weird permissions issue, but why would I be able to see the file when manually FTP-ing in with the same exact credentials? Any ideas? Scott -- - Scott Brady http://www.scottbrady.net/ ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:214255 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: FTP and file permissions
On 8/5/05, Charles Polisher wrote: > Is there anything unusual about the filenames you're using, > any departure from straight 8.3 notation, all alphanumeric? Yes, the filenames are in this format: sometext.csv.pgp (the "sometext" changes every day, but it's always .csv.pgp at the end). This process has worked until we upgraded to CF7, and I haven't been able to find any reference to changes with CF7 that would affect this, though. Scott -- - Scott Brady http://www.scottbrady.net/ ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:213901 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: FTP and file permissions
> Well, it's been a month and we are still having this problem. > > Has NO ONE ever heard of an instance where logging in to an ftp > server manually (with the same credentials) allows you to see files > in a directory but CFFTP won't? I suggest you use a packet sniffer to capture a manual FTP session and a CFFTP session, and see what's different. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:213896 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: FTP and file permissions
Scott Brady wrote: > On 8/5/05, Charles Polisher wrote: > > Do you have access to the ftp log on the remote site? > > What does it show? What OS are you using on each end? > > We don't have access to the ftp logs on the remote site (it's a fairly > locked down server for a Fortune 500 company, so we're just lucky to > be on there at all :) ). > > I might be able to have them check the logs on their end, but I doubt it. > > The CF OS is Windows 2003. > > I don't know exactly what the remote OS is, but I assume it's a > *nix-based OS, because I have to use "ls" to view the directory when > I'm manually logging in. > > Scott Is there anything unusual about the filenames you're using, any departure from straight 8.3 notation, all alphanumeric? ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:213894 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: FTP and file permissions
On 8/5/05, Charles Polisher wrote: > Do you have access to the ftp log on the remote site? > What does it show? What OS are you using on each end? We don't have access to the ftp logs on the remote site (it's a fairly locked down server for a Fortune 500 company, so we're just lucky to be on there at all :) ). I might be able to have them check the logs on their end, but I doubt it. The CF OS is Windows 2003. I don't know exactly what the remote OS is, but I assume it's a *nix-based OS, because I have to use "ls" to view the directory when I'm manually logging in. Scott -- - Scott Brady http://www.scottbrady.net/ ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:213892 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: FTP and file permissions
Scott Brady wrote: > On 8/5/05, Dharmendar Kumar wrote: > > Try turning off/on passive mode. > > Thanks for the suggestion. > > Unfortunately, that had no effect. > > Scott Do you have access to the ftp log on the remote site? What does it show? What OS are you using on each end? ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:213884 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: FTP and file permissions
On 8/5/05, Dharmendar Kumar wrote: > Try turning off/on passive mode. Thanks for the suggestion. Unfortunately, that had no effect. Scott -- - Scott Brady http://www.scottbrady.net/ ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:213876 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: FTP and file permissions
Try turning off/on passive mode. -Original Message- From: Scott Brady [mailto:[EMAIL PROTECTED] Sent: Friday, August 05, 2005 10:36 AM To: CF-Talk Subject: Fwd: FTP and file permissions Well, it's been a month and we are still having this problem. Has NO ONE ever heard of an instance where logging in to an ftp server manually (with the same credentials) allows you to see files in a directory but CFFTP won't? Scott -- Forwarded message -- From: Scott Brady <[EMAIL PROTECTED]> Date: Jul 1, 2005 1:19 PM Subject: FTP and file permissions To: cf-talk@houseoffusion.com This is a follow-up to my posts from yesterday. One of our clients pushes a daily data feed to their FTP server, which we log in to using a scheduled task in CF and download the file and process the data feed. Since we upgraded to CF7, it appears that CF's FTP connection can't "see" that file (neither a directory listing nor a "File Exists" can seee it). If I manually log into the FTP server (using the exact same username and password), I'm able to see the file. If I then copy the file to some other name, CF can now see the new file. If I delete the original and rename the copy back to the original's name, CF can now see the file under the original name. To me, this sounds like some weird permissions issue, but why would I be able to see the file when manually FTP-ing in with the same exact credentials? Any ideas? Scott -- - Scott Brady http://www.scottbrady.net/ ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:213862 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Fwd: FTP and file permissions
Well, it's been a month and we are still having this problem. Has NO ONE ever heard of an instance where logging in to an ftp server manually (with the same credentials) allows you to see files in a directory but CFFTP won't? Scott -- Forwarded message -- From: Scott Brady <[EMAIL PROTECTED]> Date: Jul 1, 2005 1:19 PM Subject: FTP and file permissions To: cf-talk@houseoffusion.com This is a follow-up to my posts from yesterday. One of our clients pushes a daily data feed to their FTP server, which we log in to using a scheduled task in CF and download the file and process the data feed. Since we upgraded to CF7, it appears that CF's FTP connection can't "see" that file (neither a directory listing nor a "File Exists" can seee it). If I manually log into the FTP server (using the exact same username and password), I'm able to see the file. If I then copy the file to some other name, CF can now see the new file. If I delete the original and rename the copy back to the original's name, CF can now see the file under the original name. To me, this sounds like some weird permissions issue, but why would I be able to see the file when manually FTP-ing in with the same exact credentials? Any ideas? Scott -- - Scott Brady http://www.scottbrady.net/ ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:213856 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
FTP and file permissions
This is a follow-up to my posts from yesterday. One of our clients pushes a daily data feed to their FTP server, which we log in to using a scheduled task in CF and download the file and process the data feed. Since we upgraded to CF7, it appears that CF's FTP connection can't "see" that file (neither a directory listing nor a "File Exists" can seee it). If I manually log into the FTP server (using the exact same username and password), I'm able to see the file. If I then copy the file to some other name, CF can now see the new file. If I delete the original and rename the copy back to the original's name, CF can now see the file under the original name. To me, this sounds like some weird permissions issue, but why would I be able to see the file when manually FTP-ing in with the same exact credentials? Any ideas? Scott -- - Scott Brady http://www.scottbrady.net/ ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:211050 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
NTFS file permissions don't restrict access
Thanks for your reply, Sean. I'll disperse my answers between your comments... >Ermm.. Having read the rest of the string... > >Are you already authenticated as an NT user? IE If you're established as an >NT user with permissions over the wwwroot and IIS is allowing NTFS auth then >this will avoid tricks like denying iusr read. I'm running MIE as ICGDEV, an authenticated user with no privileges to any template files on the server. > >Under IIS, the first trick to keep in mind is what users have access to >browse the directory at all. Who can pull up a directory listing, who can >actually read the files. Removing the IUSR should stop browsers from >accessing those pages. If it hasn't, try restarting the CF services. >Occasionally I have found those details caching and not re checking auth. > ICGDEV has no privileges to browse the directory and no privileges to read the files. I restarted the entire computer and it still behaves the same way. Access is given to ICGDEV to run the ColdFusion pages, even though it has no NTFS permissions. >The next trick to keep in mind is which process is actually calling the >script, and which user is that process authenticated under. > >IE Are you just browsing anonymously? Have you previously authenticated as >an Admin, is the script being called direct from your browser, or is it >being called as an include/component/etc from within your scripts. It's being called directly, its just hello.cfm with just the word 'hello' in it. > >Actual calls to the script from your browser will execute as you. The IUSR >if you haven't provided authentication and NT Auth is disabled, Your NT user >if NT Auth is enabled and you've authenticated in the NT domain, or the >authentication details you've provided through challenge/response. That's what I'm saying isn't working. I'm using integrated windows authentication, connecting as ICGDEV, and I'm still able to access the coldfusion pages from the browser. According to the technote, I shouldn't be able to, since ICGDEV doesn't have the neccessary read privileges. > >Internal script calls to other templates or components will execute as the >system user, or as cold fusion itself when executing. Sandboxing is the best >way to secure these type of calls imho. I'm not really considering using this for securing the pages (at this time), I'm just trying to understand how it works. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: NTFS file permissions don't restrict access
Ermm.. Having read the rest of the string... Are you already authenticated as an NT user? IE If you're established as an NT user with permissions over the wwwroot and IIS is allowing NTFS auth then this will avoid tricks like denying iusr read. Under IIS, the first trick to keep in mind is what users have access to browse the directory at all. Who can pull up a directory listing, who can actually read the files. Removing the IUSR should stop browsers from accessing those pages. If it hasn't, try restarting the CF services. Occasionally I have found those details caching and not re checking auth. The next trick to keep in mind is which process is actually calling the script, and which user is that process authenticated under. IE Are you just browsing anonymously? Have you previously authenticated as an Admin, is the script being called direct from your browser, or is it being called as an include/component/etc from within your scripts. Actual calls to the script from your browser will execute as you. The IUSR if you haven't provided authentication and NT Auth is disabled, Your NT user if NT Auth is enabled and you've authenticated in the NT domain, or the authentication details you've provided through challenge/response. Internal script calls to other templates or components will execute as the system user, or as cold fusion itself when executing. Sandboxing is the best way to secure these type of calls imho. - Original Message - From: "Brad Howerter" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Friday, March 14, 2003 4:08 AM Subject: NTFS file permissions don't restrict access > That's what I used to think, too, until I read this technote: > http://www.macromedia.com/support/coldfusion/ts/documents/nt_auth_iis.htm > > >The CF Server's user account (by default, the system account) is the one > >that is actually doing the filesystem access, not the user account that has > >the web browser open. Since CF will alwasy use the same account to access > >.cfm files, NTFS permissions aren't going to help you at all. They'll > >either allow or disallow ALL access to CF pages, regardless of who is > >connecting, which can be done by simply stoping the CF services. > > > >barneyb > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: NTFS file permissions don't restrict access
CF will execute typically as the system user. Set your NTFS permissions on a directory level, so that users can't locate pages to call them so CF can't begin to execute them, or sandbox! Keep in mind includes/components/etc any script calls made from within CF will completely avoid NTFS permissions, so don't rely on internal script calls stopping based on NTFS permissions, sandbox instead. - Original Message - From: "Brad Howerter" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Friday, March 14, 2003 4:37 AM Subject: NTFS file permissions don't restrict access > I would like to use NTFS file permissions to restrict my .cfm pages. I have > a server I'm playing with and I removed all general permissions from the > wwwroot directory, but I can still run the .cfm pages from any account. Why > doesn't this work? I'm running CFMX on a windows 2000 server. > > *** > The information in this e-mail is confidential and intended solely for the > individual or entity to whom it is addressed. If you have received this > e-mail in error please notify the sender by return e-mail, delete this > e-mail, and refrain from any disclosure or action based on the information. > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: NTFS file permissions don't restrict access
Very interesting. Not sure why you'd want to do it that way, but kind of cool. In light of this new information, I retract my previous statement, and humbly beg forgiveness for my contributions to a discussion to which I obvious have nothing to contribute. I haven't run CF on IIS since 4.5, so that's my excuse. ; ) cheers, barneyb > -Original Message- > From: Brad Howerter [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 13, 2003 10:08 AM > To: CF-Talk > Subject: NTFS file permissions don't restrict access > > > That's what I used to think, too, until I read this technote: > http://www.macromedia.com/support/coldfusion/ts/documents/nt_auth_iis.htm > > >The CF Server's user account (by default, the system account) is the one > >that is actually doing the filesystem access, not the user > account that has > >the web browser open. Since CF will alwasy use the same account > to access > >.cfm files, NTFS permissions aren't going to help you at all. They'll > >either allow or disallow ALL access to CF pages, regardless of who is > >connecting, which can be done by simply stoping the CF services. > > > >barneyb > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
NTFS file permissions don't restrict access
That's what I used to think, too, until I read this technote: http://www.macromedia.com/support/coldfusion/ts/documents/nt_auth_iis.htm >The CF Server's user account (by default, the system account) is the one >that is actually doing the filesystem access, not the user account that has >the web browser open. Since CF will alwasy use the same account to access >.cfm files, NTFS permissions aren't going to help you at all. They'll >either allow or disallow ALL access to CF pages, regardless of who is >connecting, which can be done by simply stoping the CF services. > >barneyb ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
NTFS file permissions don't restrict access
I should have mentioned this before: I have checked the 'check that file exists' checkbox in the application mapping setting for .cfm files. >I would like to use NTFS file permissions to restrict my .cfm pages. I have >a server I'm playing with and I removed all general permissions from the >wwwroot directory, but I can still run the .cfm pages from any account. Why >doesn't this work? I'm running CFMX on a windows 2000 server. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
NTFS file permissions don't restrict access
I should have mentioned this before: I have checked the 'Check that file exists' application mapping setting for .cfm. I notice that if my url is http://servf18, I get access denied, but if it is http://servf18/default.cfm, it works. Default.cfm is the file that runs be default, due to my IIS settings. I guess IIS is able to authenticate the file access if you don't specify the file explicitly. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: NTFS file permissions don't restrict access
The CF Server's user account (by default, the system account) is the one that is actually doing the filesystem access, not the user account that has the web browser open. Since CF will alwasy use the same account to access .cfm files, NTFS permissions aren't going to help you at all. They'll either allow or disallow ALL access to CF pages, regardless of who is connecting, which can be done by simply stoping the CF services. barneyb > -Original Message- > From: Brad Howerter [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 13, 2003 10:38 AM > To: CF-Talk > Subject: NTFS file permissions don't restrict access > > > I would like to use NTFS file permissions to restrict my .cfm > pages. I have > a server I'm playing with and I removed all general permissions from the > wwwroot directory, but I can still run the .cfm pages from any > account. Why > doesn't this work? I'm running CFMX on a windows 2000 server. > > *** > The information in this e-mail is confidential and intended solely for the > individual or entity to whom it is addressed. If you have received this > e-mail in error please notify the sender by return e-mail, delete this > e-mail, and refrain from any disclosure or action based on the > information. > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
NTFS file permissions don't restrict access
I would like to use NTFS file permissions to restrict my .cfm pages. I have a server I'm playing with and I removed all general permissions from the wwwroot directory, but I can still run the .cfm pages from any account. Why doesn't this work? I'm running CFMX on a windows 2000 server. *** The information in this e-mail is confidential and intended solely for the individual or entity to whom it is addressed. If you have received this e-mail in error please notify the sender by return e-mail, delete this e-mail, and refrain from any disclosure or action based on the information. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
> > The CFM file is always executed within the context of > > the CF server, no matter what. Of course, you should > > limit the privileges of the account in which CF runs > > to the extent possible. > > > Which normally is the Localsystem account, which will > grant CFMX all access. Running CFMX under a different > user isn't as easy as it might seem. Just changing the > usercontext didn't do the trick here, it requires a > bunch of registry/ACL changes too. I found it very easy to run CFMX under a less-privileged user account, compared to CF 5 and earlier versions. I didn't have to make any registry changes, but of course I had to change the appropriate filesystem ACLs. But still, the whole thing took me all of about five minutes. I just granted RWXD to the \CFusionMX directory and its subdirectories (admittedly this could be tightened considerably) and read rights to the web root containing .cfm files. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
> > >>Does anyone know how this exploit is exploited? >> >> > >No, and I can't replicate it with my current configuration - web server >authentication seems to work fine for me. As I posted in another message, I >suspect it has to do with the JRun connector configuration; I'm using the >ISAPI extension option instead of the ISAPI filter. > If you have the ISAPI filer on, and haven't checked the "file exists" then your username/password are negated, and all requests to .cfm file are handled under the Coldfusion MX user context regardless of what you enetered. >>What context is the CFM template executed under? >> >> > >The CFM file is always executed within the context of the CF server, no >matter what. Of course, you should limit the privileges of the account in >which CF runs to the extent possible. > Which normally is the Localsystem account, which will grant CFMX all access. Running CFMX under a different user isn't as easy as it might seem. Just changing the usercontext didn't do the trick here, it requires a bunch of registry/ACL changes too. >>Is the application.cfm file still executed? >> >> > >I would assume so. Of course, since I haven't replicated the problem, I >can't say for sure. > Yes it is. Jesse ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
Jochem van Dieten wrote: >[EMAIL PROTECTED] wrote: > > >>Well, for an administrative tools directory, off the root of a site. If the >>ACL's deny access to the IUSR account, any unauthenticated user is prompted >>to enter their username/password to access the cfm files within that >>directory (or if the files them self have these ACL's). >> >> > >It is my understanding that unless you switch on "Check that file >exists" nobody is asked for their u/p. > > One does get asked, but any username/pass is accepted (empty too), as CFMX doesn't do an ACL check, it just accepts the ucsername/pass. Jesse ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
Dave Watts wrote: >> It is my understanding that unless you switch on "Check >> that file exists" nobody is asked for their u/p. > > This is not necessarily the case. I've been successfully using web server > authentication (both Basic and Windows Authentication) with IIS 5 and CFMX. > > I suspect that it has to do with the way that the JRun connector is > configured. On my test machine, I'm using the ISAPI extension. I suspect > that if I instead used the ISAPI filter, I'd run into the problem, but don't > have time to test that theory right now. Filters may take over control of a request before authentication, while extensions are always after authentication. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iisref/html/psdk/asp/isgu744y.asp > If any Macromedia people want to shed more light on the nature of the IIS > authentication problem, I'd appreciate it. I would like to know what event notifications are used by the jrun filter and what SF_STATUS code it returns. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
> Yikes - that would mean we would have to recode basically > every app we have ever made that has and web accessible > admin directory. Do you think it would be safe to use a > cold fusion scripted login routine instead of ACL's and > WIndows Authentication. Why couldn't you just enable the "Check that file exists" option within the web-accessible admin directory? That doesn't need to use search-engine-safe URLs, does it? > I recall seeing recently that web based admin's getting > hacked was one of the top security vulnerabilities with > web apps. I can't vouch for that, but it sounds plausible enough. But there's a lot you can do to secure administrative functionality, in addition to requiring a login. You can place it within its own virtual server, so that people are less likely to find it; you can limit who can access it by IP address; you can limit who can access it by requiring client certificates. You can use all of these techniques together, of course. > Does anyone know how this exploit is exploited? No, and I can't replicate it with my current configuration - web server authentication seems to work fine for me. As I posted in another message, I suspect it has to do with the JRun connector configuration; I'm using the ISAPI extension option instead of the ISAPI filter. > What context is the CFM template executed under? The CFM file is always executed within the context of the CF server, no matter what. Of course, you should limit the privileges of the account in which CF runs to the extent possible. > Is the application.cfm file still executed? I would assume so. Of course, since I haven't replicated the problem, I can't say for sure. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
> It is my understanding that unless you switch on "Check > that file exists" nobody is asked for their u/p. This is not necessarily the case. I've been successfully using web server authentication (both Basic and Windows Authentication) with IIS 5 and CFMX. I suspect that it has to do with the way that the JRun connector is configured. On my test machine, I'm using the ISAPI extension. I suspect that if I instead used the ISAPI filter, I'd run into the problem, but don't have time to test that theory right now. Oddly enough, since installing Updater 2, I can't run wsconfig.exe to configure the connector. If I try, I get this: Exception in thread "main" java.lang.NoSuchMethodError: jrunx.connectorinstaller.CIUtil.unquoteString(Ljava/lang/String;)Ljava/lang/ String; at jrunx.connectorinstaller.PropertyFileEditor.nextFullEntry(PropertyFileEditor .java:96) at jrunx.connectorinstaller.gui.ConfigFrame.getConfigList(ConfigFrame.java:191) at jrunx.connectorinstaller.gui.ConfigFrame.getConfigPanel(ConfigFrame.java:132 ) at jrunx.connectorinstaller.gui.ConfigFrame.(ConfigFrame.java:90) at jrunx.connectorinstaller.gui.ConfigFrame.run(ConfigFrame.java:384) at jrunx.connectorinstaller.ConnectorInstaller.main(ConnectorInstaller.java:536 ) When I run wsconfig.jar directly, it displays the wsconfig GUI, but won't allow me to configure any web servers. I imagine that it might work if run with command-line parameters. If any Macromedia people want to shed more light on the nature of the IIS authentication problem, I'd appreciate it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
I don't see that happening. I am still prompted for a u/p. Maybe because the server does not have Updater 2 installed. I'll doublecheck - thanks. brook At 01:12 AM 2/3/2003 +0100, you wrote: >[EMAIL PROTECTED] wrote: > > Well, for an administrative tools directory, off the root of a site. If > the > > ACL's deny access to the IUSR account, any unauthenticated user is > prompted > > to enter their username/password to access the cfm files within that > > directory (or if the files them self have these ACL's). > >It is my understanding that unless you switch on "Check that file >exists" nobody is asked for their u/p. > >Jochem > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
[EMAIL PROTECTED] wrote: > Well, for an administrative tools directory, off the root of a site. If the > ACL's deny access to the IUSR account, any unauthenticated user is prompted > to enter their username/password to access the cfm files within that > directory (or if the files them self have these ACL's). It is my understanding that unless you switch on "Check that file exists" nobody is asked for their u/p. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
Well, for an administrative tools directory, off the root of a site. If the ACL's deny access to the IUSR account, any unauthenticated user is prompted to enter their username/password to access the cfm files within that directory (or if the files them self have these ACL's). Is that enough security for a password protected directory. An attacker would still have to guess/brute force the password to gain access to those files/directories right? Brook At 11:18 PM 2/2/2003 +0100, you wrote: >[EMAIL PROTECTED] wrote: > > If the ACL's rules still apply, are they enough to use to restrict access? > >Could you elaborate? What do you want to do? > >Jochem > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
[EMAIL PROTECTED] wrote: > If the ACL's rules still apply, are they enough to use to restrict access? Could you elaborate? What do you want to do? Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
If the ACL's rules still apply, are they enough to use to restrict access? At 10:42 PM 2/2/2003 +0100, you wrote: >[EMAIL PROTECTED] wrote: > > Yikes - that would mean we would have to recode basically every app we > have > > ever made that has and web accessible admin directory. Do you think it > > would be safe to use a cold fusion scripted login routine instead of ACL's > > and WIndows Authentication. > >If you can write a decent login it should be no problem. > > > > Does anyone know how this exploit is exploited? What context is the CFM > > template executed under? Is the application.cfm file still executed? > >Think of it as a priorities issue. Until CF MX the priority of the IIS >security filter was higher as the priority of CF, so first the IIS >security was checked and then the control was passed on to the CF Service. >Now with CF MX the priority of the filter that intercepts for CF MX and >and redirects them to CF MX is higher as the priority of the IIS >Security filter. So the request is passed on to the CF MX service before >IIS security settings are checkd. But it is still a normal request, and >all the normal ACL rules still apply. > >Jochem > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
[EMAIL PROTECTED] wrote: > Yikes - that would mean we would have to recode basically every app we have > ever made that has and web accessible admin directory. Do you think it > would be safe to use a cold fusion scripted login routine instead of ACL's > and WIndows Authentication. If you can write a decent login it should be no problem. > Does anyone know how this exploit is exploited? What context is the CFM > template executed under? Is the application.cfm file still executed? Think of it as a priorities issue. Until CF MX the priority of the IIS security filter was higher as the priority of CF, so first the IIS security was checked and then the control was passed on to the CF Service. Now with CF MX the priority of the filter that intercepts for CF MX and and redirects them to CF MX is higher as the priority of the IIS Security filter. So the request is passed on to the CF MX service before IIS security settings are checkd. But it is still a normal request, and all the normal ACL rules still apply. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
Yikes - that would mean we would have to recode basically every app we have ever made that has and web accessible admin directory. Do you think it would be safe to use a cold fusion scripted login routine instead of ACL's and WIndows Authentication. I recall seeing recently that web based admin's getting hacked was one of the top security vulnerabilities with web apps. Does anyone know how this exploit is exploited? What context is the CFM template executed under? Is the application.cfm file still executed? Brook At 03:14 PM 2/2/2003 -0500, you wrote: > > Is there any way to use the "check that file exists" > > setting in IIS while using SES URL's. > > > > Example: http:www.mysite.com/index.cfm/fuseaction/display/ > >No, I don't think so, since the file doesn't actually exist! > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ >voice: (202) 797-5496 >fax: (202) 797-5444 > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
> Is there any way to use the "check that file exists" > setting in IIS while using SES URL's. > > Example: http:www.mysite.com/index.cfm/fuseaction/display/ No, I don't think so, since the file doesn't actually exist! Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
Ok Thanks :) I guess my next question is: Is there any way to use the "check that file exists" setting in IIS while using SES URL's. Example: http:www.mysite.com/index.cfm/fuseaction/display/ Brook At 05:05 AM 2/2/03 +, you wrote: >Forgot to include another link that may help you > >http://www.securitytracker.com/alerts/2003/Jan/1006023.html > >Cheers > > > --- [EMAIL PROTECTED] wrote: > Hello Weekenders, > > > > I'm sure most of you got the MM Security bulletin > > the other day > > (http://www.macromedia.com/security). I am trying to > > figure out what the > > security breach is if the steps outlines in the > > Security Bulletin are not > > taken. It doesn't describe what level of access an > > attacker could gain > > through this exploit. And since we use the SES Url's > > > > (mysite.com/index.cfm/myvar/myvarvalue/), I can not > > easily implement this > > security fix because checking the "check that file > > exists" box in IIS > > causes 404's since, the file name is buried in the > > query string. > > > > So If any one can fill me in on the severity of this > > exploit and then I can > > appropriately decide if I need to make some serious > > changes to multiple > > sites or find an alternative. > > > > Thanks > > > > Brook Davies > > maracasmedia > > > > > > > >__ >Do You Yahoo!? >Everything you'll ever need on one web page >from News and Sport to Email and Music Charts >http://uk.my.yahoo.com > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
Forgot to include another link that may help you http://www.securitytracker.com/alerts/2003/Jan/1006023.html Cheers --- [EMAIL PROTECTED] wrote: > Hello Weekenders, > > I'm sure most of you got the MM Security bulletin > the other day > (http://www.macromedia.com/security). I am trying to > figure out what the > security breach is if the steps outlines in the > Security Bulletin are not > taken. It doesn't describe what level of access an > attacker could gain > through this exploit. And since we use the SES Url's > > (mysite.com/index.cfm/myvar/myvarvalue/), I can not > easily implement this > security fix because checking the "check that file > exists" box in IIS > causes 404's since, the file name is buried in the > query string. > > So If any one can fill me in on the severity of this > exploit and then I can > appropriately decide if I need to make some serious > changes to multiple > sites or find an alternative. > > Thanks > > Brook Davies > maracasmedia > > > __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: MPSB03-02 - Using Windows NT Authentication and Windows file permissions
My understanding of this was that anybody could run the CFM template regardless of their NTFS file permissions, for that template. Cheers --- [EMAIL PROTECTED] wrote: > Hello Weekenders, > > I'm sure most of you got the MM Security bulletin > the other day > (http://www.macromedia.com/security). I am trying to > figure out what the > security breach is if the steps outlines in the > Security Bulletin are not > taken. It doesn't describe what level of access an > attacker could gain > through this exploit. And since we use the SES Url's > > (mysite.com/index.cfm/myvar/myvarvalue/), I can not > easily implement this > security fix because checking the "check that file > exists" box in IIS > causes 404's since, the file name is buried in the > query string. > > So If any one can fill me in on the severity of this > exploit and then I can > appropriately decide if I need to make some serious > changes to multiple > sites or find an alternative. > > Thanks > > Brook Davies > maracasmedia __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
MPSB03-02 - Using Windows NT Authentication and Windows file permissions
Hello Weekenders, I'm sure most of you got the MM Security bulletin the other day (http://www.macromedia.com/security). I am trying to figure out what the security breach is if the steps outlines in the Security Bulletin are not taken. It doesn't describe what level of access an attacker could gain through this exploit. And since we use the SES Url's (mysite.com/index.cfm/myvar/myvarvalue/), I can not easily implement this security fix because checking the "check that file exists" box in IIS causes 404's since, the file name is buried in the query string. So If any one can fill me in on the severity of this exploit and then I can appropriately decide if I need to make some serious changes to multiple sites or find an alternative. Thanks Brook Davies maracasmedia ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Roadblock!! file permissions
I was just going to suggest this but had already deleted the previous messages. You said that the employee does not want to display their picture, so you must know this from somewhere in the database, right? Use that to decide if you even need to check for the file in the first place... > Is it necessary to use OS-level file permissions to keep those photos fro m > being shown? I don't know what else you do with these files, but if it's > only your CF app accessing and displaying them, you could keep a simple > boolean field within a database table that tells you whether or not to sh ow > the image. > > Jim > > > - Original Message - > From: "Ray Bujarski" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Wednesday, February 06, 2002 2:58 PM > Subject: Roadblock!! file permissions > > > > I am trying to display a image of employees belonging to a director. > > Some of the images exists, some of them don't, some of the images exist > > without read permissions due to the employee not wanting their picture > shown. > > How can test the permissions of this file? FileExist(/photo/11.jpg) > > returns true for those without read permissions. > > I tried reading the file via cffile, but that doesn't work because it w ill > > just terminate processing. > > I tried to jimmy rig the reading by cftry where I set a variable in the > > catch. Doesn't work. > > I tried to use cfexecute with the ls command (unix os) but it can't > > recognize the ls command > > > > > > Ray Bujarski > > 858-845-7669 > > 858-636-9900 pgr > > [EMAIL PROTECTED] > __ Why Share? Dedicated Win 2000 Server · PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionc FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Roadblock!! file permissions
Is it necessary to use OS-level file permissions to keep those photos from being shown? I don't know what else you do with these files, but if it's only your CF app accessing and displaying them, you could keep a simple boolean field within a database table that tells you whether or not to show the image. Jim - Original Message - From: "Ray Bujarski" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, February 06, 2002 2:58 PM Subject: Roadblock!! file permissions > I am trying to display a image of employees belonging to a director. > Some of the images exists, some of them don't, some of the images exist > without read permissions due to the employee not wanting their picture shown. > How can test the permissions of this file? FileExist(/photo/11.jpg) > returns true for those without read permissions. > I tried reading the file via cffile, but that doesn't work because it will > just terminate processing. > I tried to jimmy rig the reading by cftry where I set a variable in the > catch. Doesn't work. > I tried to use cfexecute with the ls command (unix os) but it can't > recognize the ls command > > > Ray Bujarski > 858-845-7669 > 858-636-9900 pgr > [EMAIL PROTECTED] __ Why Share? Dedicated Win 2000 Server · PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionc FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Roadblock!! file permissions
Thanks, that worked. Ray At 02:25 PM 2/6/2002 -0800, you wrote: >Maybe try to CFFILE COPY, to a temp area, is successful display the image, >if not dontThe you can CFFILE DELETE to clean up the temp. > >Adrian > >-Original Message- >From: Ray Bujarski [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, February 06, 2002 1:59 PM >To: CF-Talk >Subject: Roadblock!! file permissions > > >I am trying to display a image of employees belonging to a director. >Some of the images exists, some of them don't, some of the images exist >without read permissions due to the employee not wanting their picture >shown. >How can test the permissions of this file? FileExist(/photo/11.jpg) >returns true for those without read permissions. >I tried reading the file via cffile, but that doesn't work because it will >just terminate processing. >I tried to jimmy rig the reading by cftry where I set a variable in the >catch. Doesn't work. >I tried to use cfexecute with the ls command (unix os) but it can't >recognize the ls command > > >Ray Bujarski >858-845-7669 >858-636-9900 pgr >[EMAIL PROTECTED] > > __ Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusiona FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Roadblock!! file permissions
Maybe try to CFFILE COPY, to a temp area, is successful display the image, if not dontThe you can CFFILE DELETE to clean up the temp. Adrian -Original Message- From: Ray Bujarski [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 06, 2002 1:59 PM To: CF-Talk Subject: Roadblock!! file permissions I am trying to display a image of employees belonging to a director. Some of the images exists, some of them don't, some of the images exist without read permissions due to the employee not wanting their picture shown. How can test the permissions of this file? FileExist(/photo/11.jpg) returns true for those without read permissions. I tried reading the file via cffile, but that doesn't work because it will just terminate processing. I tried to jimmy rig the reading by cftry where I set a variable in the catch. Doesn't work. I tried to use cfexecute with the ls command (unix os) but it can't recognize the ls command Ray Bujarski 858-845-7669 858-636-9900 pgr [EMAIL PROTECTED] __ Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusiona FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Roadblock!! file permissions
I am trying to display a image of employees belonging to a director. Some of the images exists, some of them don't, some of the images exist without read permissions due to the employee not wanting their picture shown. How can test the permissions of this file? FileExist(/photo/11.jpg) returns true for those without read permissions. I tried reading the file via cffile, but that doesn't work because it will just terminate processing. I tried to jimmy rig the reading by cftry where I set a variable in the catch. Doesn't work. I tried to use cfexecute with the ls command (unix os) but it can't recognize the ls command Ray Bujarski 858-845-7669 858-636-9900 pgr [EMAIL PROTECTED] __ Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusiona FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Tag for NTFS file permissions - wrong email sorry
Ignore my insanity... jon - Original Message - From: "Jon Hall" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Saturday, April 07, 2001 12:35 AM Subject: Re: Tag for NTFS file permissions > Hey Lewis, how about setting up a forum for ihkt on your site? > > jon > > > ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Tag for NTFS file permissions
Hey Lewis, how about setting up a forum for ihkt on your site? jon ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Tag for NTFS file permissions
> > Min's here's basically left the cf community... > Not good news. So what's it take to get you back? Um. Lots of money? /-) Actually I'm serious. My primary motivator in what programming work I do is the money. If that wasn't an issue... I'd most likely be sitting somewhere working on a couple novels. Also I just don't much care for cf or web design anymore. It's all dull, unending repetition. "monkeywork" as I've been known to call it. If the vc funding doesn't dry up, maybe I'll have a chance to just wipe it all away. :) --min ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Tag for NTFS file permissions
> > Min's here's basically left the cf community... > > Not good news. So what's it take to get you back? Judging from his resume, more money than any of us could afford;-) -- Aidan Whitehall <[EMAIL PROTECTED]> Netshopper UK Ltd Advanced Web Solutions & Services http://www.netshopperuk.com/ Telephone +44 (01744) 648650 Fax +44 (01744) 648651 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Tag for NTFS file permissions
Sorry crossed my mails up - a little incorrect mail :) -Original Message- From: Jason E Miller [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 20, 2001 6:48 PM To: CF-Talk Subject: RE: Tag for NTFS file permissions .. -Original Message- From: Bryan LaPlante [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 20, 2001 5:52 PM To: CF-Talk Subject: Re: Tag for NTFS file permissions Mr. Sellers. I would like to say thanks on behalf of our CF community in KC for the recent IHKT freeware. It is one hell of a nice resource. Bryan LaPlante Manager CFUG Kansas City MO. - Original Message - From: "lsellers" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Tuesday, March 20, 2001 7:29 PM Subject: RE: Tag for NTFS file permissions > > > > Also check out in the IHKT at > > > http://www.intrafoundation.com. It is basically a cfx wrapper for cacls > > > anyway. > > > > To clarify, it uses low-level NT 3.51 system calls to manipulate > > permissions. (None of the annoying, sloth-like ADSI stuff.) So it > > works on anything above NT 3.51. And probably as low as CF versions 3.x. > > Oh, and I almost forgot to mention I added code to it a few months back (and > to everything in the IHTK) to allow it to be used on shared computers. Or > not to be used, as the case may be. > > It's also freeware and open-sourced now. Min's here's basically left the cf > community and pushed everything out on the web-lawn. :) > > Someone was talking to me about starting an IHTK support mailing list. If > anyone wants to grab the source to IHTK and start and open-source project to > enhance it, etc, go for it. You have my blessings. > > --min > > > ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Tag for NTFS file permissions
Joe - we need to setup DNS records for TheInetwork.com and setup a hosting for it on MediaCluster 4 then do a picture up load for Brian's son. -Original Message- From: Bryan LaPlante [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 20, 2001 5:52 PM To: CF-Talk Subject: Re: Tag for NTFS file permissions Mr. Sellers. I would like to say thanks on behalf of our CF community in KC for the recent IHKT freeware. It is one hell of a nice resource. Bryan LaPlante Manager CFUG Kansas City MO. - Original Message - From: "lsellers" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Tuesday, March 20, 2001 7:29 PM Subject: RE: Tag for NTFS file permissions > > > > Also check out in the IHKT at > > > http://www.intrafoundation.com. It is basically a cfx wrapper for cacls > > > anyway. > > > > To clarify, it uses low-level NT 3.51 system calls to manipulate > > permissions. (None of the annoying, sloth-like ADSI stuff.) So it > > works on anything above NT 3.51. And probably as low as CF versions 3.x. > > Oh, and I almost forgot to mention I added code to it a few months back (and > to everything in the IHTK) to allow it to be used on shared computers. Or > not to be used, as the case may be. > > It's also freeware and open-sourced now. Min's here's basically left the cf > community and pushed everything out on the web-lawn. :) > > Someone was talking to me about starting an IHTK support mailing list. If > anyone wants to grab the source to IHTK and start and open-source project to > enhance it, etc, go for it. You have my blessings. > > --min > > > ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Tag for NTFS file permissions
> Min's here's basically left the cf community... Not good news. So what's it take to get you back? Ken ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Tag for NTFS file permissions
Mr. Sellers. I would like to say thanks on behalf of our CF community in KC for the recent IHKT freeware. It is one hell of a nice resource. Bryan LaPlante Manager CFUG Kansas City MO. - Original Message - From: "lsellers" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Tuesday, March 20, 2001 7:29 PM Subject: RE: Tag for NTFS file permissions > > > > Also check out in the IHKT at > > > http://www.intrafoundation.com. It is basically a cfx wrapper for cacls > > > anyway. > > > > To clarify, it uses low-level NT 3.51 system calls to manipulate > > permissions. (None of the annoying, sloth-like ADSI stuff.) So it > > works on anything above NT 3.51. And probably as low as CF versions 3.x. > > Oh, and I almost forgot to mention I added code to it a few months back (and > to everything in the IHTK) to allow it to be used on shared computers. Or > not to be used, as the case may be. > > It's also freeware and open-sourced now. Min's here's basically left the cf > community and pushed everything out on the web-lawn. :) > > Someone was talking to me about starting an IHTK support mailing list. If > anyone wants to grab the source to IHTK and start and open-source project to > enhance it, etc, go for it. You have my blessings. > > --min > > > ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Tag for NTFS file permissions
> > Also check out in the IHKT at > > http://www.intrafoundation.com. It is basically a cfx wrapper for cacls > > anyway. > > To clarify, it uses low-level NT 3.51 system calls to manipulate > permissions. (None of the annoying, sloth-like ADSI stuff.) So it > works on anything above NT 3.51. And probably as low as CF versions 3.x. Oh, and I almost forgot to mention I added code to it a few months back (and to everything in the IHTK) to allow it to be used on shared computers. Or not to be used, as the case may be. It's also freeware and open-sourced now. Min's here's basically left the cf community and pushed everything out on the web-lawn. :) Someone was talking to me about starting an IHTK support mailing list. If anyone wants to grab the source to IHTK and start and open-source project to enhance it, etc, go for it. You have my blessings. --min ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Tag for NTFS file permissions
> Also check out in the IHKT at > http://www.intrafoundation.com. It is basically a cfx wrapper for cacls > anyway. To clarify, it uses low-level NT 3.51 system calls to manipulate permissions. (None of the annoying, sloth-like ADSI stuff.) So it works on anything above NT 3.51. And probably as low as CF versions 3.x. --min ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Tag for NTFS file permissions
Also check out in the IHKT at http://www.intrafoundation.com. It is basically a cfx wrapper for cacls anyway. jon - Original Message - From: "Dave Watts" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Tuesday, March 20, 2001 4:05 PM Subject: RE: Tag for NTFS file permissions > > Can anyone recommend a good tag to change NTFS file permissions? > > If you can use CFEXECUTE, you can call CACLS.EXE. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > voice: (202) 797-5496 > fax: (202) 797-5444 > > ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Tag for NTFS file permissions
> Can anyone recommend a good tag to change NTFS file permissions? If you can use CFEXECUTE, you can call CACLS.EXE. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Tag for NTFS file permissions
Can anyone recommend a good tag to change NTFS file permissions? I found cfx_chmod in the tag gallery, but the download link doesn't lead anywhere... ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Unix File Permissions
Can someone tell me what the minium file permissions need to be for a cold fusion template and its directory in unix. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Changing file permissions in Unix
There are instructions in the CF Documentation titled "Setting File and Directory Attributes". Check the docs. Or just set the permissions with the unix CHMOD command. -- Mark Warrick Phone: (714) 547-5386 Efax.com Fax: (801) 730-7289 Personal Email: [EMAIL PROTECTED] Personal URL: http://www.warrick.net Business Email: [EMAIL PROTECTED] Business URL: http://www.fusioneers.com ICQ: 346566 -- > -Original Message- > From: Carol Chandler [mailto:[EMAIL PROTECTED]] > Sent: Friday, June 23, 2000 8:51 AM > To: [EMAIL PROTECTED] > Subject: Changing file permissions in Unix > > > We have our CF user (www) file permissions set to owner > read-write only (no group or world read or write), and like it > that way for most instances. However, in one case, we need to > change a file generated by CF to group read-write. Is there a > chmod command available in CF, or is there some command that > allows you to plug in a Unix command? > > Thanks. > > -- > > Archives: http://www.eGroups.com/list/cf-talk > To Unsubscribe visit > http://www.houseoffusion.com/index.cfm?sidebar=sts&body=sts/cf_tal > k or send a message to [EMAIL PROTECTED] with > 'unsubscribe' in the body. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebarRsts&bodyRsts/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Changing file permissions in Unix
If you are using CFFILE, you can always put the MODE="" attribute. -Original Message- From: Steve Bernard [mailto:[EMAIL PROTECTED]] Sent: Friday, June 23, 2000 12:12 PM To: [EMAIL PROTECTED] Subject: RE: Changing file permissions in Unix CFEXECUTE? Steve -Original Message- From: Carol Chandler [mailto:[EMAIL PROTECTED]] Sent: Friday, June 23, 2000 11:51 AM To: [EMAIL PROTECTED] Subject: Changing file permissions in Unix We have our CF user (www) file permissions set to owner read-write only (no group or world read or write), and like it that way for most instances. However, in one case, we need to change a file generated by CF to group read-write. Is there a chmod command available in CF, or is there some command that allows you to plug in a Unix command? Thanks. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: Changing file permissions in Unix
Using the mode attribute in File = upload ??? MODE=777 etc just your standard chmod numbers Or you chould try cfexecute chmod etc... BTW the is a linux cf list @ [EMAIL PROTECTED] ~Justin > We have our CF user (www) file permissions set to owner read-write only (no group or world read or write), and like it that way for most instances. However, in one case, we need to change a file generated by CF to group read-write. Is there a chmod command available in CF, or is there some command that allows you to plug in a Unix command? > > Thanks. > > -- > Archives: http://www.eGroups.com/list/cf-talk > To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar > > -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Changing file permissions in Unix
CFEXECUTE? Steve -Original Message- From: Carol Chandler [mailto:[EMAIL PROTECTED]] Sent: Friday, June 23, 2000 11:51 AM To: [EMAIL PROTECTED] Subject: Changing file permissions in Unix We have our CF user (www) file permissions set to owner read-write only (no group or world read or write), and like it that way for most instances. However, in one case, we need to change a file generated by CF to group read-write. Is there a chmod command available in CF, or is there some command that allows you to plug in a Unix command? Thanks. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Changing file permissions in Unix
We have our CF user (www) file permissions set to owner read-write only (no group or world read or write), and like it that way for most instances. However, in one case, we need to change a file generated by CF to group read-write. Is there a chmod command available in CF, or is there some command that allows you to plug in a Unix command? Thanks. -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebarRsts&bodyRsts/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: setting NTFS file permissions
> I was doing a little research just now... is ANY software for > cf to allow someone to set ACL's on NTFS files? (Set files to > allow or deny access to files based in NT users that is). > > I'm not seeing much of anything. (aside from SA-FileManager, > which is com-based). That's because there isn't anything. The SA tools, which I've worked with, work well from CF generally; I've been using them for a while. If you don't want to buy anything, you could simply use CACLS.EXE from CFEXECUTE. I suspect your real motivation for asking this was so that you could justify writing a new CFX for this, though; if so, knock yourself out! Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
setting NTFS file permissions
I was doing a little research just now... is ANY software for cf to allow someone to set ACL's on NTFS files? (Set files to allow or deny access to files based in NT users that is). I'm not seeing much of anything. (aside from SA-FileManager, which is com-based). --min -- Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
