We are currently working to integrate ContentBox CMS into the Helicon Zoo repository, to make it available in Web Application Gallery on some Windows hosting providers. And we have faced several problems which I hope you may help us to resolve.
The main problem is that ContentBox tries to make “logs” dir and write log files into the upper directory level then it’s installation directory. While it may be fine with dedicated server installations, in the shared hosting environment users don’t have permissions to write into upper directories, outside of their web site folder. This wouldn’t be such a big problem if Content Box wouldn’t throw a fatal error if logs directory cannot be created.
The similar problem we faced when ContentBox tried to create temporary files in the global system temp directory. The worst thing about this problem is that names of the files are same for all ContentBox installations in the system and having two or more CB installations lead to files conflicts. We managed to resolve this problem by setting “TEMP” and “TMP” environment variables for each ContentBox installation to point inside the user’s web site directory. Unfortunately we cannot find any environment variable or other setting we can set to point logs directory inside the web site location. I appreciate any help with this issue.
Each ContentBox should have their own config file, wthin the config file you specify where you want the logs written, based on the application. ContentBox doesn’t create log files by default, you had to switch this on, as all logs are done to the console by default.
This means that you need to provide each application running ContentBox, with their own application name. This will ensure that the directory struct is unique across your applications.
Hopefully that makes sense to you, if not let me know and I will expand some more if needed.
Where can I read about this configuration file and how to set log files directory?
We have not changed anything in configuration, simply downloaded ContentBox package from your site and tried to integrate it.
Are you integrating into an existing ColdBox application?
I mean no offense by this. As a matter of fact, I am appreciative of the work you’ve done/are doing to help promote CFML (Railo). What you’ve done with the Helicon Zoo stuff is pretty cool for Windows users. That said, I am quite concerned by your statement:
in the shared hosting environment users don’t have permissions to write into upper directories, outside of their web site folder
I would never in a million years use a host like that, and I would immediately tell anyone and everyone that they should not use such a host, either. The security holes created by such a setup are big enough that you can drive a fleet of warships through. And hackers do just that.
Shared hosting should be set up so that the user account has its root/home directory, which is not exposed via http, and then an webroot that is. Something like so:
/sites/clientA <= client’s root/home
/sites/clientA/webroot <= client’s web root/home
In such a setup, ContentBox would use the first path for non-web accessible items (temp files, uploads, logs, etc), while using the second path for the web accessible items.
If the Helicon Zoo integration doesn’t support this sort of structure, then it is doing more harm than good.
Again, thank you for the work you’re doing to support CFML, but it sounds like your team needs to rethink its approach so as to securely support/promote CFML.
You are absolutely right, most hosting providers are configured with user root folders not directly exposed with http. But we are building automatic installation system and we cannot expect there will be any sort of parent folder for the application and there will be write permissions for it. In fact we can operate on a very limited amount of resources and with a limited suppositions. We need to have a solution that can bring application up and running with only few mouse clicks in various environments. For example with default Windows IIS installations there is no parent folder with write permissions, as I mentioned. I don't want all these users to write to our support complaining that the application does not work.
The solution would be to disable logging and temporary files by default and let users to configure it later manually, if they have appropriate locations for these files. If you can provide me with information how to do this I will be very grateful.
Well we still need to know if you are using a full blown ContentBox, or you are installing ContentBox into an existing ColdBox application. Logs are defaulted to the console.
So can you explain that, or give the error message your getting.
We are referencing to this file: http://www.gocontentbox.org/builds/contentbox_1.1.0.zip
Thank you for your support, we have already found where the configuration file for ContentBox is located and how to disable logging using it. ContentBox installation is working now and will be included into the public repository soon.
I just returned from vacation today. Please let me know if you need anything. Please email me directly at firstname.lastname@example.org