CF Sandbox Security Tricks and Tips

I've been working on getting CF Sandbox security working. It's trickier than I first thought so here's how to do it for future reference:

Enable security Manager

Instructions from Steven Erat's blog:

Stop ColdFusion.
Locate the jvm.config file in jrun_root/bin.
Back up the file.
Open the file in a text editor.
Add the following lines to the java.args section:

NOTE the example from the adobe site has the quotes in the wrong place.
Note you also need to change [cf_webapp_root] to match the location on your machine.


After I enabled Datasource security I began to receive the following error, a bit of digging reminded me that the MySQL connector tries to do some autoconfiguration for coldfusion to optimise it.

Message: Can't find configuration template named 'coldFusion'
Type: java.sql.SQLException

It was failing to load the configuration file which is inside the mysql connector jar file /com/mysql/jdbc/configs/

I haven't gotten to the bottom of why it couldn't be loaded but adding the following to the datasource query string fixed it up:

I would suggest adding some of the settings from this file as paramaters in your datasource settings as per previous post

Note: This was using the following:

  • ColdFusion 7.0.2 Cumulative Hotfix 1 Multiserver install
  • MySQL connector/J 5.0.8

Hope it helps.

This post was posted in , , , , by on