TechNote (Archived)

CFFTP fails when using Sandbox Security

Issue

When using cfftp in a template within a directory protected by sandbox security, the following error is reported:

 Error Occurred While Processing Request Security: The requested template has been denied access to  localhost:1024-. The following is the internal exception message: access denied  (java.net.SocketPermission localhost:1024- listen,resolve) ColdFusion cannot determine the line of the template that caused this error. This is often caused by an error in the exception handling subsystem.

Sandbox security in ColdFusion MX uses the underlying J2EE Java security model. When sandbox security is enabled, Java security watches IP connections. However, allowing ColdFusion MX to connect to a specific IP address does not automatically imply that ColdFusion MX will also accept incoming connections from this IP address. The error above is caused by ColdFusion MX disallowing the incoming connection.

FTP supports two modes: active and passive. When usingactive FTP, ColdFusion makes the initial connection to the FTP server and then the FTP server creates an additional incoming connection back to ColdFusion for the data. When usingpassive FTP, ColdFusion makes the same initial connection to the FTP server but then ColdFusion, rather than the FTP server, creates a second connection to the FTP server for the data.

Solution

Enable passive mode within every use of the cfftp tag to ensure ColdFusion is creating the connection to the FTP server for the data.

Examples:

 <cfftp action = "open"    username = "anonymous"    connection = "My_query"    password = "youremail@email.com"    server = "ftp.tucows.com"    stopOnError = "yes"passive="yes">

 <cfftp action="getfile"    stopon    remote    local    connection="My_query"    username="anonymous"    password="youremail@email.com"passive="yes">

For a detailed explanation of active and passive modes for FTP, please see Active FTP vs. Passive FTP, a Definitive Explanation.