Assuming a single server, development instance install.....
*{installLocation}\runtime\servers\coldfusion\SERVER-INF\jrun.xml*
Update the "interface" attribute in the following service class
* <service class="jrun.servlet.http.WebService" name="WebService">*
* <attribute name="port">8500</attribute>*
* <attribute name="interface">127.0.0.1</attribute>*
* <attribute name="deactivated">false</attribute>*
* <attribute name="activeHandlerThreads">50</attribute>*
* <attribute name="minHandlerThreads">1</attribute>*
* <attribute name="maxHandlerThreads">1000</attribute>*
* <attribute name="mapCheck">0</attribute>*
* <attribute name="threadWaitTimeout">300</attribute>*
* <attribute name="backlog">500</attribute>*
* <attribute name="timeout">300</attribute>*
* </service>*
On Fri, Apr 19, 2013 at 9:16 AM, Wilson, Brooks
<[email protected] <mailto:[email protected]>> wrote:
Greetings:
I’ve lost my notes on how to secure the IP address when
setting up a CF 9 server for local development. I had
instructions on how to make the CF built in server accessible
only from the local host. Please post them if you have them.
TIA, Brooks
------------------------------------------------------------------------
Brooks Wilson| Senior Web Developer Programmer/Analyst
*Technology Solutions Services | **Application Delivery
Services*
Federal Reserve Bank of Atlanta | 1000 Peachtree Street,
Atlanta, GA 30309-4470
Phone: 404.498.8178 <tel:404.498.8178> | Fax: 404.498.8239
<tel:404.498.8239> | Mobile: 404.985.9270 <tel:404.985.9270>
Email: [email protected]
<mailto:[email protected]>
*From:*[email protected] <mailto:[email protected]>
[mailto:[email protected] <mailto:[email protected]>] *On Behalf
Of *Charlie Arehart
*Sent:* Friday, April 12, 2013 6:18 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* RE: [ACFUG Discuss] 9.01 vs 9.02
Steve, this is a point I just made in one of my replies this
week to Ajas, but to reiterate, any security hotfixes created
by Adobe are created for 9.0, 9.0.1, and 9.0.2. So no, you
are not in any danger, as long as you always apply the latest
HFs.
As for not updating to Java 7, yes, technically you are “in
danger”, in that Oracle has EOLed java 6 and are NOT offering
new updates for Java 6. So if there are new vulnerabilities
identified, they will only update Java 7, not 6 (just as if
Adobe fixes CF now, they only do it for CF 10 and 9, not 8 or
earlier). The EOL of java 6 was only in the past couple of
months, so at least you can update to a 8relatively recent*
JVM update, just not THE latest one.
Finally, as for your observation about the wording of the
Adobe mention about “supported jdks”, I assume you are
referring to the first sentence of step 1 in this doc:
http://helpx.adobe.com/coldfusion/kb/change-coldfusion-jvm.html
“Download and install a supported version of JDK.”
I suppose that’s just a CYA statement. (And if this doc may
have existed for CF9 before the update that allowed 1.7, it
was referring to them supporting only Java 1.6. Indeed, until
about mid-last year, they only supported up to 1.6.0_24.) But
I agree with you it would be better if they’d show or point
to some table to clarify what JVMs are supported by what
versions of CF. (Seems a good blog opportunity!)
/charlie
*From:*[email protected] <mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *Steven
*Sent:* Friday, April 12, 2013 8:35 AM
*To:* [email protected] <mailto:[email protected]>
*Subject:* [ACFUG Discuss] 9.01 vs 9.02
All,
while we're on the subject of patching & upgrades..
last night I patched our *9.01* box with the latest hotfix4
from
http://helpx.adobe.com/coldfusion/kb/hot-fixes-coldfusion-9.html
and I followed the steps there.
But I'm still fuzzy on a couple things..
I didn't want to go through the hassle of doing a complete
uninstall/reinstall to get the box over to the 9.02 series.
Am I still in danger of having security holes that aren't
addressed by the 9.01 series hotfixes?
And, also within this hotfix4 I applied -- an "optional" step
is to upgrade the jvm by getting the latest jdk from oracle,
modifying the jvm.config to call the new, etc. I elected not
to touch the jvm and we are still using native (out of the
box ver). Am I again in danger of new security issues? (I
have another Adobe rant. They mention in this step to use
only the JDKs which are compatible with cf9 -- but don't
bother within the instructions to tell you which are
compatible!).
How did you guys approach your cf9 patching?
Happy Friday.
Thx,
Steve
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink <http://www.fusionlink.com>
-------------------------------------------------------------
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink <http://www.fusionlink.com>
-------------------------------------------------------------
--
Dawn
