ColdFusion Lockdown

20 May 2013 11:56

So been going through various ColdFusion lock down tweeks, restrictions etc. and have a couple of useful links.

First up is the Unofficial Updater. What it’ll do is download the latest, relevant patches for your CF install and get them all in place. It saves a huge amount of time versus trying to do it yourself.

Second up is something off the back of the lock down guide relating to GraphData.cfm. It’s not a real path, it’s something that CF sorts out itself. If you choose to move CFIDE or restrict the path in the webserver this can cause issues. Either you leave it open, or, you can change the path it uses.

Credit to Brandon for the following tweaks to move it about:

Below changes cfchart engine to generate the image path based on this config.
/CFIDE/GraphData.cfm ==> /images/GraphData.cfm

{cfmx-root}/wwwroot/WEB-INF/web.xml servlet mapping
When a request is handled to /images/Graphdata.cfm the GraphServlet will be 
invoked to find and serve the charts.
/CFIDE/GraphData.cfm ==> /images/GraphData.cfm

Filed: General

You can follow any responses to this entry through the RSS 2.0 feed.

You can leave a comment or leave a trackback from your own site.

Leave a Reply

Twitter   •   About   •   Contact
©2017 Ian Winter. All Rights Reserved.   •   Powered by WordPress   •   Hosted at Memset