Adobe 38043740 Lockdown Guide - Page 75
Servlets and Servlet Mappings in web.xml
 |
UPC - 883919135168
View all Adobe 38043740 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 75 highlights
Section 6: ColdFusion Server Services ColdFusion provides a large number of services for developers to take advantage of. Most applications do not make use of all these services, and can therefore be disabled to improve security. 6.1 Servlets and Servlet Mappings in web.xml All JEE web applications have a file in the WEB-INF directory called web.xml this file defines the servlets and servlet mappings for the JEE web application. A servlet mapping defines a URI pattern that a particular servlet responds to. For example the servlet that handles requests for .cfm files is called the CfmServlet the servlet mapping for that looks like this: CfmServlet *.cfm The servlets are also defined in the web.xml file, the CfmServlet is defined as: CfmServlet CFML Template Processor Compiles and executes CFML pages and tags coldfusion.bootstrap.BootstrapServlet servlet.class coldfusion.CfmServlet 4 We can remove servlet mappings in the web.xml to reduce the surface of attack. You don't typically want to remove the CfmServlet or its servlet mapping, but there are other servlets and mappings that may be removed. 75
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70 -
71 -
72 -
73 -
74 -
75 -
76 -
77 -
78 -
79 -
80 -
81
-
82
-
83
-
84
-
85
-
86
-
87
 |
 |
