[coldbox:4070] permissions issue on shared server

Hi Everyone. I am in the process of deploying my first coldbox app to a production server. The application is hosted at Hostek.
When I try to load the site I am getting this error:
Security: The requested template has been denied access to BeanFactory.cfc.
The following is the internal exception message: access denied (java.io.FilePermission BeanFactory.cfc read)

The error occurred in D:\home\lawyerswarehouse.com\wwwroot\coldbox\system\services\PluginService.cfc: line 337
Called from D:\home\lawyerswarehouse.com\wwwroot\coldbox\system\services\PluginService.cfc: line 72
Called from D:\home\lawyerswarehouse.com\wwwroot\coldbox\system\services\PluginService.cfc: line 129
Called from D:\home\lawyerswarehouse.com\wwwroot\coldbox\system\web\Controller.cfc: line 328
Called from D:\home\lawyerswarehouse.com\wwwroot\coldbox\system\services\LoaderService.cfc: line 77
Called from D:\home\lawyerswarehouse.com\wwwroot\coldbox\system\Coldbox.cfc: line 71
Called from D:\home\lawyerswarehouse.com\wwwroot\Application.cfc: line 66

335 :
336 : // Check Extensions locations First
337 : if( fileExists(pluginFilePath) ){
338 : return getExtensionsPath() & “.” & arguments.plugin;
339 : }

According to Hostek, the app is trying to access
C:\ColdFusion9\runtime\bin\BeanFactory.cfc,
which is off limits.
This doesn’t seem right. I had the site running as a subdomain of another hostek hosting account earlier.

The site’s url is lawyerswarehouse.com

Any insight into the source of the problem would be much appreciated.
Thanks,
Joel
Can anyone help me trouble shoot this problem?
Thanks,
Joel

that doesn’t seem right, at all, you need to further investigate it.

Luis F. Majano
President
Ortus Solutions, Corp

ColdBox Platform: http://www.coldbox.org
Linked In: http://www.linkedin.com/pub/3/731/483
Blog: http://www.luismajano.com
IECFUG Manager: http://www.iecfug.com

Sounds like they might have locked down cffile. That's quite common on
shared hosting. Most will allow those tags if you raise a ticket.

When I try to load the site I am getting this error:
Security: The requested template has been denied access to BeanFactory.cfc.
The following is the internal exception message: access denied
(java.io.FilePermission BeanFactory.cfc read)

...

337 : if( fileExists(pluginFilePath) ){

...

According to Hostek, the app is trying to access
C:\ColdFusion9\runtime\bin\BeanFactory.cfc,
which is off limits.

I've run into this with Fusebox on shared hosts too. Essentially if
fileExists() would return false, the security sandbox can trip and
think you're requesting a file in the default CF path (but it's
actually something else that is internal to CF). I don't remember the
details but I do remember some people being blocked by this.

It usually indicates the hosting company has got things far too locked
down to be useful and my recommendation is always to find a new
hosting company... or, if it's a business site that actually brings in
any revenue at all, move it off shared hosting. Shared hosting is a
BAD IDEA(tm) for business applications. If you're making money, pay a
little extra for a VPS where you're a) more secure and b) have total
control of the sandbox yourself.

Shared hosting is going away. All the hosting companies admit that.
Don't beat yourself up with the pain of shared hosting...

And I'll say it again: if your application is on the same shared host
as mine, I can read your application variables. If you have passwords
or other sensitive data and your application loads that into
application scope - even via a framework - they I have your passwords.
This has been true for years and I have to keep reminding people about
it. It's a function of how application scope works - each application
is a sub-structure of the unnamed web application context for the
underlying Java container so it's easy to get access to that and then
walk through all the applications running on that server.