Adobe® ColdFusion® 10 Server Lockdown Guide
4.2.8 Add umask to startup script

Edit the /etc/init.d/coldfusion10 startup script and add the following line near the top, below the #description comment:

umask 007

Consider setting a more restrictive umask for the group permission.
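The edit above is easy to get wrong by hand (the line ends up above the chkconfig header, or gets added twice on a re-run), and it helps to see what the mask actually does to files the service creates. The script below is an added example, not part of the Lockdown Guide: it inserts the umask line after the first "#description" / "# description:" line of a script only if no umask line is already present, and it creates probe files under umask 022 and 007 to show the resulting mode strings. The init script it edits is a constructed stand-in for /etc/init.d/coldfusion10 containing only the header lines that matter here.

```shell
#!/bin/sh
# Added example (not from the Lockdown Guide): insert "umask 007" into a
# copy of the ColdFusion init script right after its "# description" header,
# idempotently, and show what that umask does to files the service creates.
set -eu

# add_umask_line SCRIPT [MASK]
# Inserts "umask MASK" (default 007) after the first line that starts with
# "#description" / "# description:"; does nothing if a umask line exists.
add_umask_line() {
    script=$1
    mask=${2:-007}
    if grep -q '^umask ' "$script"; then
        echo "umask already set in $script: $(grep '^umask ' "$script")"
        return 0
    fi
    awk -v line="umask $mask" '
        { print }
        !done && /^#[ \t]*description/ { print line; done = 1 }
    ' "$script" > "$script.tmp"
    mv "$script.tmp" "$script"
}

# perms_with_umask MASK
# Creates a file under the given umask and prints its mode string
# (for example -rw-rw----), independent of the caller's own umask.
perms_with_umask() {
    dir=$(mktemp -d)
    (umask "$1" && touch "$dir/probe")
    ls -l "$dir/probe" | cut -c1-10
    rm -rf "$dir"
}

# Constructed stand-in for /etc/init.d/coldfusion10 (assumption: only the
# chkconfig-style header matters here; the real script is much longer).
make_sample_script() {
    cat > "$1" <<'EOF'
#!/bin/sh
# chkconfig: 345 90 14
# description: ColdFusion 10 application server
echo "starting coldfusion"
EOF
}

main() {
    f=$(mktemp)
    make_sample_script "$f"
    add_umask_line "$f"
    add_umask_line "$f"     # second call must not add a duplicate
    cat "$f"
    echo "default umask 022 -> $(perms_with_umask 022)"
    echo "guide's umask 007 -> $(perms_with_umask 007)"
    rm -f "$f"
}

main
```

With umask 007 a file the service creates comes out as -rw-rw---- (group read/write, nothing for others), whereas the usual default of 022 leaves it world-readable. Tightening further, as the guide suggests, means a mask such as 027 or 077, depending on whether the web server's group needs to read what ColdFusion writes.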
4.3 Post Configuration Settings for Windows and Linux

The following changes should be made to both Windows and Linux installs.

4.3.1 Enable Sandbox Security

Log in to the ColdFusion Administrator and select Enable Sandbox Security on the Security > Sandbox Security page.

Configure sandboxes for each site, or for the high-risk portions of each site. Following the principle of least privilege, deny access to any tags, functions, datasources, file paths, and IP addresses / ports that do not need to be accessed by code in the particular sandbox.

The sandbox of the requested CFM / CFC is the active sandbox for all code executed in a particular request.

If you are running Standard Edition you can still set up a sandbox, but you cannot create multiple sandboxes.
4.3.2 Remove Tomcat Web Server on cfusion instance

When you install ColdFusion it sets up the Tomcat web server listening on port 8500. This is not needed and should be disabled. Back up and edit the {cf.instance.root}/runtime/conf/server.xml file, and remove or comment out the following:
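After editing server.xml it is worth verifying that no live listener on port 8500 survived, for instance a connector that was only partly commented out. The script below is an added example and not part of the Lockdown Guide or the ColdFusion distribution: it strips XML comments (including ones spanning several lines) and then looks for an uncommented port="8500" attribute, so a connector that has been commented out no longer counts. It assumes the stanza in question is a Tomcat <Connector> element whose port attribute is 8500, the port named above; the server.xml it operates on is a constructed, much-shortened sample, and the helper that comments out the connector handles the single-line form used in that sample.

```shell
#!/bin/sh
# Added example (not from the Lockdown Guide): check whether a Tomcat
# server.xml still contains an uncommented port="8500" connector after the
# lockdown edit. Assumption: the stanza to remove is a <Connector> element
# whose port attribute is 8500, the port the guide names.
set -eu

# strip_xml_comments FILE: prints FILE with <!-- ... --> blocks removed,
# including comments that span several lines, so commented-out connectors
# no longer count as active.
strip_xml_comments() {
    awk '
    {
        line = $0; out = ""
        while (1) {
            if (!incomment) {
                s = index(line, "<!--")
                if (s == 0) { out = out line; break }
                out = out substr(line, 1, s - 1)
                line = substr(line, s + 4)
                incomment = 1
            } else {
                e = index(line, "-->")
                if (e == 0) break
                line = substr(line, e + 3)
                incomment = 0
            }
        }
        print out
    }' "$1"
}

# port_8500_active FILE: returns 0 (true) if an uncommented port="8500"
# remains in FILE, 1 if it has been removed or commented out.
port_8500_active() {
    strip_xml_comments "$1" | grep -q 'port="8500"'
}

# comment_out_port_8500 FILE: wraps a single-line port="8500" <Connector>
# element in an XML comment (assumption: the element sits on one line).
comment_out_port_8500() {
    sed 's|^\([[:space:]]*\)\(<Connector port="8500"[^>]*/>\)|\1<!-- \2 -->|' \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed, shortened stand-in for {cf.instance.root}/runtime/conf/server.xml.
# The multi-line comment deliberately mentions port="8500" so that a naive
# grep would report a false positive.
make_sample_server_xml() {
    cat > "$1" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- note kept for reference only:
         the built-in web server used <Connector port="8500" ... /> -->
    <Connector port="8500" protocol="HTTP/1.1" connectionTimeout="20000" />
    <Connector port="8009" protocol="AJP/1.3" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
EOF
}

main() {
    x=$(mktemp)
    make_sample_server_xml "$x"
    if port_8500_active "$x"; then echo "before edit: port 8500 still active"; fi
    comment_out_port_8500 "$x"
    if port_8500_active "$x"; then
        echo "after edit: port 8500 STILL active"
    else
        echo "after edit: no active port 8500 connector"
    fi
    rm -f "$x"
}

main
```

A plain grep for 8500 is not enough because the commented-out stanza (or a reference to it in a comment) still matches; stripping comments first is what makes the check honest. After restarting the instance, confirming that nothing listens on 8500 any more is the final step.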