Assuming a single server, development instance install.....
*{installLocation}\runtime\servers\coldfusion\SERVER-INF\jrun.xml*
Update the "interface" attribute in the following service class
* <service class="jrun.servlet.http.WebService" name="WebService">*
* <attribute name="port">8500</attribute>*
* <attribute name="interface">127.0.0.1</attribute>*
* <attribute name="deactivated">false</attribute>*
* <attribute name="activeHandlerThreads">50</attribute>*
* <attribute name="minHandlerThreads">1</attribute>*
* <attribute name="maxHandlerThreads">1000</attribute>*
* <attribute name="mapCheck">0</attribute>*
* <attribute name="threadWaitTimeout">300</attribute>*
* <attribute name="backlog">500</attribute>*
* <attribute name="timeout">300</attribute>*
* </service>*
On Fri, Apr 19, 2013 at 9:16 AM, Wilson, Brooks
<[email protected]>wrote:
> Greetings:****
>
> ** **
>
> I’ve lost my notes on how to secure the IP address when setting up a CF 9
> server for local development. I had instructions on how to make the CF
> built in server accessible only from the local host. Please post them if
> you have them.****
>
> ** **
>
> TIA, Brooks****
> ------------------------------
>
> Brooks Wilson | Senior Web Developer Programmer/Analyst
> *Technology Solutions Services | **Application Delivery Services*
>
> Federal Reserve Bank of Atlanta | 1000 Peachtree Street, Atlanta, GA
> 30309-4470****
>
> Phone: 404.498.8178 | Fax: 404.498.8239 | Mobile: 404.985.9270****
>
> Email: [email protected]****
>
> ** **
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Charlie
> Arehart
> *Sent:* Friday, April 12, 2013 6:18 PM
> *To:* [email protected]
> *Subject:* RE: [ACFUG Discuss] 9.01 vs 9.02****
>
> ** **
>
> Steve, this is a point I just made in one of my replies this week to Ajas,
> but to reiterate, any security hotfixes created by Adobe are created for
> 9.0, 9.0.1, and 9.0.2. So no, you are not in any danger, as long as you
> always apply the latest HFs.
>
> As for not updating to Java 7, yes, technically you are “in danger”, in
> that Oracle has EOLed java 6 and are NOT offering new updates for Java 6.
> So if there are new vulnerabilities identified, they will only update Java
> 7, not 6 (just as if Adobe fixes CF now, they only do it for CF 10 and 9,
> not 8 or earlier). The EOL of java 6 was only in the past couple of months,
> so at least you can update to a 8relatively recent* JVM update, just not
> THE latest one.
>
> Finally, as for your observation about the wording of the Adobe mention
> about “supported jdks”, I assume you are referring to the first sentence of
> step 1 in this doc:
> http://helpx.adobe.com/coldfusion/kb/change-coldfusion-jvm.html
>
> “Download and install a supported version of JDK.”
>
> I suppose that’s just a CYA statement. (And if this doc may have existed
> for CF9 before the update that allowed 1.7, it was referring to them
> supporting only Java 1.6. Indeed, until about mid-last year, they only
> supported up to 1.6.0_24.) But I agree with you it would be better if
> they’d show or point to some table to clarify what JVMs are supported by
> what versions of CF. (Seems a good blog opportunity!)
>
> /charlie****
>
> ** **
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On
> Behalf Of *Steven
> *Sent:* Friday, April 12, 2013 8:35 AM
> *To:* [email protected]
> *Subject:* [ACFUG Discuss] 9.01 vs 9.02****
>
> ** **
>
> All,****
>
> while we're on the subject of patching & upgrades..****
>
> last night I patched our *9.01* box with the latest hotfix4 from
> http://helpx.adobe.com/coldfusion/kb/hot-fixes-coldfusion-9.html****
>
> and I followed the steps there.****
>
> ** **
>
> But I'm still fuzzy on a couple things..****
>
> ** **
>
> I didn't want to go through the hassle of doing a complete
> uninstall/reinstall to get the box over to the 9.02 series. Am I still in
> danger of having security holes that aren't addressed by the 9.01 series
> hotfixes?****
>
> ** **
>
> And, also within this hotfix4 I applied -- an "optional" step is to
> upgrade the jvm by getting the latest jdk from oracle, modifying the
> jvm.config to call the new, etc. I elected not to touch the jvm and we are
> still using native (out of the box ver). Am I again in danger of new
> security issues? (I have another Adobe rant. They mention in this step to
> use only the JDKs which are compatible with cf9 -- but don't bother within
> the instructions to tell you which are compatible!).****
>
> ** **
>
> How did you guys approach your cf9 patching?****
>
> Happy Friday.****
>
> ** **
>
> Thx,****
>
> Steve****
>
> ** **
>
>
> -------------------------------------------------------------
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by FusionLink <http://www.fusionlink.com>
> ------------------------------------------------------------- ****
>
> -------------------------------------------------------------
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by FusionLink <http://www.fusionlink.com>
> -------------------------------------------------------------
--
Dawn
