Adobe 38043740 - ColdFusion Standard - Mac Manual page 54

4.2.8 Add umask to startup script
Edit the /etc/init.d/coldfusion10 startup script and add the line near the top but below the
#description comment:
umask 007
Consider setting a more restrictive umask on for the group permission.
4.3 Post Configuration Settings for Windows and Linux
The following changes should be made to both Windows and Linux installs.
4.3.1 Enable Sandbox Security
Login to the ColdFusion administrator and select Enable Sandbox Security from the Security > Sandbox
Security page.
Configure sandboxes for each site, or high risk portions of each site. Using the principal of least privilege deny
access to any tags, functions, datasources, file paths, and IP / ports that do not need to be accessed by code
in the particular sandbox.
The sandbox of the requested CFM / CFC is the active sandbox for all code executed in a particular request.
If you are running Standard Edition you can still setup a sandbox but you cannot create multiple sandboxes.
4.3.2 Remove Tomcat Web Server on cfusion instance
When you install ColdFusion it will setup the Tomcat web server running on port 8500. This is not needed and
should be disabled. Backup and edit the {cf.instance.root}/runtime/conf/server.xml file, and
remove or comment out the following:
<Connector executor="tomcatThreadPool" maxThreads="50"
port="8500" protocol="org.apache.coyote.http11.Http11Protocol"
54