Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
5.3 <strong>Server</strong> Settings > Client Variables<br />
Setting Default Recommendation Description<br />
Default<br />
Storage<br />
Mechanism<br />
for Client<br />
Sessions<br />
Cookie None / Cookie If applications have client<br />
management enabled a large<br />
amount of data can accumulate on<br />
the server. This can lead to a<br />
storage failure if disks become full.<br />
Because the registry is typically<br />
located on the system partition it is<br />
not recommended to use the<br />
Registry.<br />
5.4 <strong>Server</strong> Settings > Memory Variables<br />
Setting Default Recommendation Description<br />
Use J2EE<br />
session<br />
variables<br />
Enable<br />
Session<br />
Variables<br />
Unchecked Checked if J2EE<br />
interoperability<br />
required.<br />
Checked Unchecked only if<br />
not using sessions<br />
When checked ColdFusion will use<br />
the session management of the<br />
underlying JEE container (eg<br />
Tomcat) instead of it’s own<br />
CFID/CFTOKEN.<br />
Most applications require session<br />
variables but if none of the<br />
applications on the server require<br />
them uncheck this box.<br />
65