Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
User / Group Permissions<br />
cfusion (Your ColdFusion Service Identity) • List folder / read data<br />
• Read attributes<br />
• Read extended attributes<br />
• Read permissions<br />
(Add additional write/delete permissions<br />
to folders or files that CF must write to)<br />
Click the Add button and add the iisservice user grant Read and List Folder Contents Permission. Add the<br />
cfusion user and grant Read, List Folder Contents Permission. Grant cfusion Write and Delete permission if<br />
your applications make use of the file system via (cffile, cfdirectory, etc). Also give the Administrators full<br />
control over this folder, and remove any unnecessary privileges.<br />
Check the Replace all existing inheritable auditing entries on all descendants with inheritable auditing entries<br />
from this object checkbox to propagate this setting to all sub folders and files existing or created below this<br />
folder.<br />
Select the Auditing tab in the Advanced Security Settings dialog. Click the Edit button and ensure that some<br />
level of auditing exists. Auditing can generate a large amount of logs, and if too verbose can make the job of<br />
monitoring the server logs difficult. Auditing every successful file read in this directory may not be necessary.<br />
Use your judgement to determine an appropriate auditing policy based on your security requirements. A good<br />
minimal policy would be to audit all Fails, and certain Success events (Delete, Change Permissions, etc).<br />
<strong>10</strong>