Adobe® ColdFusion® 10 Server Lockdown Guide
| Setting | Default | Recommendation | Description |
|---|---|---|---|
| Missing Template Handler | Blank or /CFIDE/administrator/templates/missing_template_error.cfm | Specified | The missing template handler HTML should be equivalent to the 404 error handler specified on your web server. The default missing template handler allows a potential attacker to get a rough idea of the ColdFusion version in use. |
| Site-wide Error Handler | Blank or /CFIDE/administrator/templates/secure_profile_error.cfm | Specified | The default site-wide error handler may expose information about the cause of exceptions. Specify a custom site-wide error handler that discloses the same generic message to the user for all exceptions. Be sure to log the actual exception. |
| Maximum number of POST request parameters | 100 | 100 or lower | Set this to the maximum number of form fields you have on any given page. Allowing too many form fields may allow for a DoS attack known as HashDOS. |
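A site-wide error handler template that follows the recommendation in the table: the same generic response for every exception, with the real exception written to a log. This is an added example, not code from the Adobe guide. The template path `/errors/sitewide.cfm`, the log name `sitewide_errors` and the reference-id scheme are assumptions, and it relies on the `error` structure that ColdFusion exposes to error-handling templates.

```cfml
<!--- Added example: hypothetical /errors/sitewide.cfm, registered as the Site-wide Error Handler --->
<cfsilent>
  <!--- Reference id: shown to the user and written to the log so the two can be matched --->
  <cfset errorRef = createUUID()>
  <cftry>
    <cfset detail = "no error structure available">
    <cfif isDefined("error") and isStruct(error)>
      <cfset detail = "">
      <!--- Record only simple fields; skip anything missing rather than throwing again --->
      <cfloop list="template,remoteAddress,message,diagnostics" index="k">
        <cfif structKeyExists(error, k) and isSimpleValue(error[k])>
          <cfset detail = detail & " " & k & "=" & error[k]>
        </cfif>
      </cfloop>
    </cfif>
    <!--- Collapse CR/LF so request-derived text cannot forge extra log lines --->
    <cfset detail = reReplace(detail, "[#chr(13)##chr(10)#]+", " ", "all")>
    <cflog file="sitewide_errors" type="error" text="ref=#errorRef# #trim(detail)#">
    <cfcatch type="any">
      <!--- A logging failure must not leak details either; fall through to the generic page --->
    </cfcatch>
  </cftry>
</cfsilent>
<cfheader statuscode="500" statustext="Internal Server Error">
<cfcontent type="text/html; charset=utf-8" reset="true"><!DOCTYPE html>
<html>
<head><title>Error</title></head>
<body>
  <h1>An error occurred</h1>
  <p>The request could not be completed. Please try again later.</p>
  <!--- The only variable output is the random reference id, never exception text --->
  <cfoutput><p>Reference: #errorRef#</p></cfoutput>
</body>
</html>
```

The reference id lets support staff find the logged exception without any stack trace, template path or SQL text reaching the browser.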