FarCry in a Shared Hosting environment

#1

My hosting company urges me to upgrade my web site running FarCry 7.2.9 on CF11 to CF2016 or, preferred, CF2018.

However, as it seems, FarCry needs to be granted the rights to load and execute the Java classes in the core (first of all being the JavaLoader class. Not being a Java developer at all, I understand that this jar file serves as the foundation to dynamically load any other jar files (for example the UUID creation algorithm) without the need to change/edit/alter the Java path settings on the ColdFusion server.

As it seems, the provider considers enabling this setting (BTW, which one ist it exactly?) to be a security issue.

Now, the main question is:

  1. What are my options? Is it possible to run FarCry without those Java classes being enabled (even if I would have to do without some functionality)? For example, I guess I could live without the Internet Address locator class.

  2. Which parts would I need to re-develop? Which Java classes are currently used?

  3. Where to find those? Is there any documentation available?

I am well aware of the fact that going this route could require quite some time to re-develop those features. However, with everybody obviously being scared because of possible effects on sever security, using FarCry in a Shared Hosting environment doesn’t seem to have a bright future. (Which I would pity because I very much like the CMS.)

Since I am already negotiating the topic with the hosting company, any pointers, suggestions, remarks, support, etc., are highly appreciated.

Thanks,
Thomas

1 Like
#2

We in the process of dealing with Java 11 and JavaLoader related issues (JavaLoader no longer works because CORBA deprecated in Java 11).

In the p740 branch on GitHub JavaLoader has been removed and has been replaced with calls to creating normal Java objects, and the java.net.InetAddress hostname lookups in the Application.cfc have also been removed.

Here’s the list of tickets completed so far;
https://farcry.jira.com/projects/FC/versions/15004/tab/release-report-all-issues

Can you give the p740 branch a try and see if it solves the problems you currently have, and if not perhaps provide more details (with stack traces if possible) so that I can see if we’re able to address them?

1 Like
#3

I should also mention, p740 is currently considered BETA as we might need to make further changes in p740 that could involve the schema, so we’ll need to do that before we officially release 7.4.0. It could be several weeks away before it’s ready for release, but any schema changes will be mentioned in the release notes.

1 Like
#4

Justin,

Thank you for the quick reply.
I’ll check out the p740 branch on the weekend and give it a try. Let’s see how far this will get me. Anyway, it is great to learn that I might not need to do all the work by myself. (And of course I will follow up with any findings.)

1 Like