Adobe® ColdFusion® 10 Server Lockdown Guide
Setting: Disable access to internal ColdFusion Java components
Default: Unchecked
Recommendation: Checked
Description: CFML code can instantiate ColdFusion's internal Java classes, which may allow administrative operations to be performed from application code. Some developers write code that relies on these components; this practice should be avoided because the components are undocumented and not a supported API.

Setting: Prefix serialized JSON with
Default: Unchecked: //
Recommendation: Checked: //
Description: This setting helps prevent JSON hijacking and should be turned on. ColdFusion AJAX tags and functions remove the prefix automatically. If developers have written CFC functions with returnformat="json", or return SerializeJSON output to the browser, the prefix is applied to the response and must be removed in the client code before the JSON is parsed. Developers can override this setting at the application level.

Setting: Maximum Output Buffer size
Default: 1024 KB
Recommendation: Lower
Description: A lower output buffer size may reduce the memory footprint in some applications.
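The following is an added example of the client-side handling the JSON row calls for; it is not code from the Lockdown Guide or from Adobe. It assumes a response body exactly as ColdFusion emits it with the setting on (the configured prefix followed by the serialized value) and uses constructed sample bodies and hypothetical function names. It also goes slightly beyond the guide by accepting a custom prefix, since the prefix string is configurable.

```javascript
// Added example: client-side handling of ColdFusion's "Prefix serialized
// JSON" protection (not code from the Lockdown Guide or from Adobe).
//
// With the setting on, a remote CFC method using returnformat="json" (or
// SerializeJSON output returned to the browser) arrives as "//<json>".
// The leading "//" makes the body a JavaScript line comment, so a hostile
// page that tries to read it via <script src="https://victim/x.cfc?method=...">
// executes a comment and gets nothing. A legitimate XHR/fetch client in the
// same origin strips the prefix and parses what remains.

const DEFAULT_PREFIX = "//"; // the ColdFusion Administrator default

// Strip the secure-JSON prefix when present, then parse the remainder.
// Works both with the setting on and off, and with a custom prefix.
function parseSecureJSON(body, prefix = DEFAULT_PREFIX) {
  if (typeof body !== "string") {
    throw new TypeError("response body must be a string");
  }
  // Tolerate leading whitespace, e.g. a newline emitted before the prefix.
  const trimmed = body.replace(/^\s+/, "");
  const payload = trimmed.startsWith(prefix)
    ? trimmed.slice(prefix.length)
    : trimmed;
  return JSON.parse(payload);
}

// Check that the body, as served, is not valid JSON: this is what a
// cross-site <script> inclusion would see. Returns true when the prefix is
// in place and the protection is effective.
function isNeutralisedAsScript(body, prefix = DEFAULT_PREFIX) {
  if (!body.replace(/^\s+/, "").startsWith(prefix)) {
    return false; // no prefix: served as plain JSON
  }
  try {
    JSON.parse(body);
    return false; // parsed anyway, so the prefix is not protecting it
  } catch (e) {
    return true;
  }
}

// Constructed sample responses; not captured from a real server.
const SAMPLE_PREFIXED = '//{"user":"alice","roles":["admin"]}'; // setting on
const SAMPLE_PLAIN = '{"user":"alice","roles":["admin"]}'; // setting off, or already stripped by cfajaxproxy

// Usage: parse both forms, and confirm the protected one fails as a script.
console.log(parseSecureJSON(SAMPLE_PREFIXED).roles); // [ 'admin' ]
console.log(parseSecureJSON(SAMPLE_PLAIN).user); // alice
console.log(isNeutralisedAsScript(SAMPLE_PREFIXED)); // true
console.log(isNeutralisedAsScript(SAMPLE_PLAIN)); // false
```

Strip the prefix only at the very start of the body, never with a global replace, so that a literal "//" inside a JSON string value (for example a URL) is left intact. The application-level override the guide refers to is set in Application.cfc through this.secureJSON and this.secureJSONPrefix; client code should be written against whatever prefix the application actually configures.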
58