Adobe 38043740 Lockdown Guide - Page 46
Update Java Virtual Machine, 1.7 Block Unused file types, File Extensions
 |
UPC - 883919135168
View all Adobe 38043740 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 46 highlights
4.1.6 Update Java Virtual Machine The Java Virtual Machine included with the ColdFusion installer may not be the latest JVM supported by Adobe ColdFusion 10, or it may contain security issues. Download the JVM from java.oracle.com. 4.1.7 Block Unused file types ColdFusion provides a number of capabilities that are not used commonly which can be blocked. A good example of this is JSP file execution. Here is a list of file extensions that ColdFusion handles by default: File Extensions that usually can be blocked (check with developers first): Purpose Safe to Block Executes CFML templates (same as .cfm files) JavaServer Pages The .cfml file is not typically used by developers, if you don't use .cfml block this file extension. Yes, if your applications do not require JSP. Java Web Services - allows you to easily write and deploy SOAP web services in Java similar to a CFC. Yes if not used. Hybernate XML mappings Yes this should be blocked. A more robust solution is to specify a whitelist of allowed file extensions, and block the rest. For example allow only .cfm .css .js .png .html .jpg and block anything else. Your application may require additional extensions. 46
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41 -
42 -
43 -
44 -
45 -
46 -
47 -
48 -
49 -
50 -
51 -
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
 |
 |
