Adobe 38043740 - ColdFusion Standard - Mac Manual page 46

Server lockdown guide
4.1.6 Update Java Virtual Machine
The Java Virtual Machine included with the ColdFusion installer may not be the latest JVM supported by
Adobe ColdFusion 10, or it may contain security issues. Download the JVM from java.oracle.com.
4.1.7 Block Unused file types
ColdFusion provides a number of capabilities that are not commonly used and that can be blocked at the web
server. A good example of this is JSP file execution. The table below lists file extensions that ColdFusion
handles by default and that usually can be blocked (check with developers first):

File Extension | Purpose                                              | Safe to Block
.cfml          | Executes CFML templates (same as .cfm files)          | The .cfml extension is not typically used by
               |                                                      | developers; if you don't use .cfml, block this
               |                                                      | file extension.
.jsp           | JavaServer Pages                                     | Yes, if your applications do not require JSP.
.jws           | Java Web Services - allows you to easily write and   | Yes, if not used.
               | deploy SOAP web services in Java, similar to a CFC.  |
.hbmxml        | Hibernate XML mappings                               | Yes, this should be blocked.

A more robust solution is to specify a whitelist of allowed file extensions and block the rest. For example, allow
only .cfm .css .js .png .html .jpg and block anything else. Your application may require additional extensions.
Whichever approach you take, match extensions case-insensitively: the file systems ColdFusion commonly runs on
(NTFS, HFS+) are case-insensitive, so a rule that blocks only lower-case .jsp would still let Test.JSP through.
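The following is an added example, not code from the Adobe guide: it models the decision a web server rule makes for a request path so that the blacklist (block the four extensions above) and the whitelist (allow only the guide's six extensions) can be compared on the same inputs. The extension lists come from the guide; the request paths are constructed test data, and the normalization steps (query string, percent-decoding, dot segments, case, trailing dots, servlet path parameters) are the checks a rule author needs to get right, not anything the guide specifies.

```python
"""Compare the guide's blacklist and whitelist on normalized request paths.

Added example for section 4.1.7 of the ColdFusion 10 lockdown guide; the
request paths below are constructed, not taken from a real server.
"""
from urllib.parse import unquote, urlsplit
import posixpath

# Blacklist: the ColdFusion-handled extensions the guide says are usually safe to block.
BLOCKED_EXTENSIONS = {"cfml", "jsp", "jws", "hbmxml"}

# Whitelist: the guide's example set; a real application will need more.
ALLOWED_EXTENSIONS = {"cfm", "css", "js", "png", "html", "jpg"}


def request_extension(raw_path: str) -> str:
    """Return the lower-cased extension of the file a request would reach.

    The query string and fragment are dropped, percent-encoding is decoded once
    (so b%2Ejsp is seen as b.jsp), '.' and '..' segments are collapsed, servlet
    path parameters after ';' (e.g. ;jsessionid=...) are ignored, trailing dots
    are stripped, and the result is lower-cased because NTFS and HFS+ are
    case-insensitive.  A path with no extension returns ''.
    """
    path = unquote(urlsplit(raw_path).path)
    path = posixpath.normpath(path)
    name = posixpath.basename(path)
    name = name.split(";", 1)[0]      # drop ";jsessionid=..." style path parameters
    name = name.rstrip(".")           # "foo.jsp." still resolves to foo.jsp on NTFS
    _, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""


def blacklist_allows(raw_path: str, blocked=BLOCKED_EXTENSIONS) -> bool:
    """Block-the-known-bad: anything not on the blocked list is served."""
    return request_extension(raw_path) not in blocked


def whitelist_allows(raw_path: str, allowed=ALLOWED_EXTENSIONS) -> bool:
    """Allow-the-known-good: only listed extensions are served.

    An extensionless path (a directory request the web server maps to a
    default document such as index.cfm) is also allowed; tighten this if the
    application never relies on default documents.
    """
    ext = request_extension(raw_path)
    return ext == "" or ext in allowed


def compare(paths):
    """Return {path: (blacklist_allows, whitelist_allows)} for a set of paths."""
    return {p: (blacklist_allows(p), whitelist_allows(p)) for p in paths}


if __name__ == "__main__":
    # Constructed sample requests; the .sql row shows what only the whitelist stops.
    samples = [
        "/index.cfm",
        "/admin/Test.CFML?x=1",
        "/a/%2e%2e/b%2Ejsp",
        "/x.jsp;jsessionid=1",
        "/backup/site.sql",
        "/",
    ]
    for path, (bl, wl) in compare(samples).items():
        print(f"{path:28} blacklist={'allow' if bl else 'block':5} whitelist={'allow' if wl else 'block'}")
```

The difference between the two functions is the point of the guide's recommendation: the blacklist only stops the four extensions it names, so a stray `.sql` dump or `.bak` copy left in the webroot is still served, while the whitelist blocks anything it was not told about. The normalization in `request_extension` is what a web server's own rule has to reproduce; a regex anchored on a lower-case `\.jsp$` covers none of the variants in the sample list except the first.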