Adobe® ColdFusion® 10 Server Lockdown
Guide
Section 1: Introduction
The ColdFusion 10 Server Lockdown Guide is written to help server administrators
secure their ColdFusion 10 installations. In this document you will find several tips
and suggestions intended to improve the security of your ColdFusion server. The
reader is strongly encouraged to test all recommendations on an isolated test
environment before deploying into production.
1.1 Default File Paths and Usernames
This guide will provide example file system paths for installation, you do not need to
use the same example installation paths provided in this guide.
1.2 Operating Systems and Web Servers
This guide focuses on Windows 2008 / IIS 7, and Redhat Enterprise Linux (RHEL)
6.3 / Apache 2.2. Many of the suggestions presented in this document can be
extrapolated to apply to similar Operating Systems and Web Servers.
Contents
Section 1: Introduction………………………………….1
Section 2: Installation Prerequisites……………………. 3
Section 3 - Installing ColdFusion………………………32
Section 4 - Post ColdFusion Installation……………….41
Section 5: ColdFusion Administrator Settings…………57
Section 6: ColdFusion Server Services………………..57
Section 7: Patch Management Procedures…………….83
Appendix A: Sources of Information…………………84
Appendix B: List of Acronyms……………………….85
Acronym……………………………………………85
Meaning…………………………………………….85