If I recall, there is more than one xml file or child node that has interface set to asterisk.
Sent from my iPhone On Apr 19, 2013, at 9:38 AM, Dawn Hoagland <[email protected]> wrote: > Assuming a single server, development instance install..... > > {installLocation}\runtime\servers\coldfusion\SERVER-INF\jrun.xml > > Update the "interface" attribute in the following service class > > <service class="jrun.servlet.http.WebService" name="WebService"> > <attribute name="port">8500</attribute> > <attribute name="interface">127.0.0.1</attribute> > <attribute name="deactivated">false</attribute> > <attribute name="activeHandlerThreads">50</attribute> > <attribute name="minHandlerThreads">1</attribute> > <attribute name="maxHandlerThreads">1000</attribute> > <attribute name="mapCheck">0</attribute> > <attribute name="threadWaitTimeout">300</attribute> > <attribute name="backlog">500</attribute> > <attribute name="timeout">300</attribute> > </service> > > > On Fri, Apr 19, 2013 at 9:16 AM, Wilson, Brooks <[email protected]> > wrote: >> Greetings: >> >> >> >> I’ve lost my notes on how to secure the IP address when setting up a CF 9 >> server for local development. I had instructions on how to make the CF built >> in server accessible only from the local host. Please post them if you have >> them. >> >> >> >> TIA, Brooks >> >> Brooks Wilson | Senior Web Developer Programmer/Analyst >> Technology Solutions Services | Application Delivery Services >> >> Federal Reserve Bank of Atlanta | 1000 Peachtree Street, Atlanta, GA >> 30309-4470 >> >> Phone: 404.498.8178 | Fax: 404.498.8239 | Mobile: 404.985.9270 >> >> Email: [email protected] >> >> >> >> From: [email protected] [mailto:[email protected]] On Behalf Of Charlie Arehart >> Sent: Friday, April 12, 2013 6:18 PM >> To: [email protected] >> Subject: RE: [ACFUG Discuss] 9.01 vs 9.02 >> >> >> >> Steve, this is a point I just made in one of my replies this week to Ajas, >> but to reiterate, any security hotfixes created by Adobe are created for >> 9.0, 9.0.1, and 9.0.2. So no, you are not in any danger, as long as you >> always apply the latest HFs. >> >> As for not updating to Java 7, yes, technically you are “in danger”, in that >> Oracle has EOLed java 6 and are NOT offering new updates for Java 6. So if >> there are new vulnerabilities identified, they will only update Java 7, not >> 6 (just as if Adobe fixes CF now, they only do it for CF 10 and 9, not 8 or >> earlier). The EOL of java 6 was only in the past couple of months, so at >> least you can update to a 8relatively recent* JVM update, just not THE >> latest one. >> >> Finally, as for your observation about the wording of the Adobe mention >> about “supported jdks”, I assume you are referring to the first sentence of >> step 1 in this doc: >> http://helpx.adobe.com/coldfusion/kb/change-coldfusion-jvm.html >> >> “Download and install a supported version of JDK.” >> >> I suppose that’s just a CYA statement. (And if this doc may have existed for >> CF9 before the update that allowed 1.7, it was referring to them supporting >> only Java 1.6. Indeed, until about mid-last year, they only supported up to >> 1.6.0_24.) But I agree with you it would be better if they’d show or point >> to some table to clarify what JVMs are supported by what versions of CF. >> (Seems a good blog opportunity!) >> >> /charlie >> >> >> >> From: [email protected] [mailto:[email protected]] On Behalf Of Steven >> Sent: Friday, April 12, 2013 8:35 AM >> To: [email protected] >> Subject: [ACFUG Discuss] 9.01 vs 9.02 >> >> >> >> All, >> >> while we're on the subject of patching & upgrades.. >> >> last night I patched our 9.01 box with the latest hotfix4 from >> http://helpx.adobe.com/coldfusion/kb/hot-fixes-coldfusion-9.html >> >> and I followed the steps there. >> >> >> >> But I'm still fuzzy on a couple things.. >> >> >> >> I didn't want to go through the hassle of doing a complete >> uninstall/reinstall to get the box over to the 9.02 series. Am I still in >> danger of having security holes that aren't addressed by the 9.01 series >> hotfixes? >> >> >> >> And, also within this hotfix4 I applied -- an "optional" step is to upgrade >> the jvm by getting the latest jdk from oracle, modifying the jvm.config to >> call the new, etc. I elected not to touch the jvm and we are still using >> native (out of the box ver). Am I again in danger of new security issues? (I >> have another Adobe rant. They mention in this step to use only the JDKs >> which are compatible with cf9 -- but don't bother within the instructions to >> tell you which are compatible!). >> >> >> >> How did you guys approach your cf9 patching? >> >> Happy Friday. >> >> >> >> Thx, >> >> Steve >> >> >> >> >> ------------------------------------------------------------- >> To unsubscribe from this list, manage your profile @ >> http://www.acfug.org?fa=login.edituserform >> >> For more info, see http://www.acfug.org/mailinglists >> Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> List hosted by FusionLink >> ------------------------------------------------------------- >> >> >> ------------------------------------------------------------- >> To unsubscribe from this list, manage your profile @ >> http://www.acfug.org?fa=login.edituserform >> >> For more info, see http://www.acfug.org/mailinglists >> Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> List hosted by FusionLink >> ------------------------------------------------------------- > > > > -- > Dawn
