Dawn:

Thanks! We miss you!

Sincerely, Brooks
________________________________
Brooks Wilson  |  Senior Web Developer Programmer/Analyst
Technology Solutions Services  |  Application Delivery Services
Federal Reserve Bank of Atlanta  |  1000 Peachtree Street,  Atlanta, GA 
30309-4470
Phone: 404.498.8178 | Fax: 404.498.8239 | Mobile: 404.985.9270
Email: [email protected]

From: [email protected] [mailto:[email protected]] On Behalf Of Dawn Hoagland
Sent: Friday, April 19, 2013 1:23 PM
To: [email protected]
Subject: Re: [ACFUG Discuss] CF 9 IP restriction

I'm fairly certain that's the only thing.  John H. should still have the 
documentation I wrote for locking down instances (although it's geared toward 
multi-server).

On Fri, Apr 19, 2013 at 1:20 PM, Teddy R Payne <[email protected]> wrote:
If I recall, there is more than one xml file or child node that has interface 
set to asterisk.

Sent from my iPhone

On Apr 19, 2013, at 9:38 AM, Dawn Hoagland <[email protected]> wrote:
Assuming a single server, development instance install.....

{installLocation}\runtime\servers\coldfusion\SERVER-INF\jrun.xml

Update the "interface" attribute in the following service class

  <service class="jrun.servlet.http.WebService" name="WebService">
    <attribute name="port">8500</attribute>
    <attribute name="interface">127.0.0.1</attribute>
    <attribute name="deactivated">false</attribute>
    <attribute name="activeHandlerThreads">50</attribute>
    <attribute name="minHandlerThreads">1</attribute>
    <attribute name="maxHandlerThreads">1000</attribute>
    <attribute name="mapCheck">0</attribute>
    <attribute name="threadWaitTimeout">300</attribute>
    <attribute name="backlog">500</attribute>
    <attribute name="timeout">300</attribute>
  </service>

On Fri, Apr 19, 2013 at 9:16 AM, Wilson, Brooks <[email protected]> wrote:
Greetings:

I've lost my notes on how to secure the IP address when setting up a CF 9 
server for local development. I had instructions on how to make the CF built-in 
server accessible only from the local host. Please post them if you have them.

TIA, Brooks

From: [email protected] [mailto:[email protected]] On Behalf Of Charlie Arehart
Sent: Friday, April 12, 2013 6:18 PM
To: [email protected]
Subject: RE: [ACFUG Discuss] 9.01 vs 9.02

Steve, this is a point I just made in one of my replies this week to Ajas, but 
to reiterate, any security hotfixes created by Adobe are created for 9.0, 
9.0.1, and 9.0.2. So no, you are not in any danger, as long as you always apply 
the latest HFs.

As for not updating to Java 7, yes, technically you are "in danger", in that 
Oracle has EOLed Java 6 and is NOT offering new updates for Java 6. So if 
there are new vulnerabilities identified, they will only update Java 7, not 6 
(just as if Adobe fixes CF now, they only do it for CF 10 and 9, not 8 or 
earlier). The EOL of Java 6 was only in the past couple of months, so at least 
you can update to a *relatively recent* JVM update, just not THE latest one.

Finally, as for your observation about the wording of the Adobe mention about 
"supported jdks", I assume you are referring to the first sentence of step 1 in 
this doc:
http://helpx.adobe.com/coldfusion/kb/change-coldfusion-jvm.html

"Download and install a supported version of JDK."

I suppose that's just a CYA statement. (And if this doc may have existed for 
CF9 before the update that allowed 1.7, it was referring to them supporting 
only Java 1.6. Indeed, until about mid-last year, they only supported up to 
1.6.0_24.) But I agree with you it would be better if they'd show or point to 
some table to clarify what JVMs are supported by what versions of CF. (Seems a 
good blog opportunity!)

/charlie

From: [email protected] [mailto:[email protected]] On Behalf Of Steven
Sent: Friday, April 12, 2013 8:35 AM
To: [email protected]
Subject: [ACFUG Discuss] 9.01 vs 9.02

All,
while we're on the subject of patching & upgrades..
last night I patched our 9.01 box with the latest hotfix4 from 
http://helpx.adobe.com/coldfusion/kb/hot-fixes-coldfusion-9.html
and I followed the steps there.

But I'm still fuzzy on a couple things..

I didn't want to go through the hassle of doing a complete uninstall/reinstall 
to get the box over to the 9.02 series. Am I still in danger of having security 
holes that aren't addressed by the 9.01 series hotfixes?

And, also within this hotfix4 I applied -- an "optional" step is to upgrade the 
jvm by getting the latest jdk from oracle, modifying the jvm.config to call the 
new, etc.  I elected not to touch the jvm and we are still using native (out of 
the box ver). Am I again in danger of new security issues? (I have another 
Adobe rant. They mention in this step to use only the JDKs which are compatible 
with cf9 -- but don't bother within the instructions to tell you which are 
compatible!).

How did you guys approach your cf9 patching?
Happy Friday.

Thx,
Steve


-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink<http://www.fusionlink.com>
-------------------------------------------------------------




--
Dawn



--
Dawn
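
Added example, not part of the original thread: a Python check that lists every <service> in a jrun.xml-style file that declares an "interface" attribute and flags the active ones not bound to loopback, which covers the case raised above where more than one node is set to an asterisk. The sample XML is constructed; its root element and the second service's class and name are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the snippet in the thread. The <config>
# root and the second service (class, name, port) are hypothetical.
SAMPLE_JRUN_XML = """\
<config>
  <service class="jrun.servlet.http.WebService" name="WebService">
    <attribute name="port">8500</attribute>
    <attribute name="interface">127.0.0.1</attribute>
    <attribute name="deactivated">false</attribute>
  </service>
  <service class="example.HypotheticalService" name="OtherService">
    <attribute name="port">9999</attribute>
    <attribute name="interface">*</attribute>
    <attribute name="deactivated">false</attribute>
  </service>
</config>
"""

def is_loopback(value):
    """True only for a literal loopback address or 'localhost'."""
    if value.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False  # '*', other hostnames, empty values: treat as exposed

def audit_interfaces(xml_text):
    """Return one finding per <service> that declares an interface."""
    findings = []
    for svc in ET.fromstring(xml_text).iter("service"):
        attrs = {a.get("name"): (a.text or "").strip()
                 for a in svc.findall("attribute")}
        if "interface" not in attrs:
            continue
        findings.append({
            "service": svc.get("name"),
            "port": attrs.get("port"),
            "interface": attrs["interface"],
            # Assumption: deactivated="true" means the listener is off.
            "active": attrs.get("deactivated", "false").lower() != "true",
            "loopback_only": is_loopback(attrs["interface"]),
        })
    return findings

def exposed_services(xml_text):
    """Names of active services whose interface is not loopback."""
    return [f["service"] for f in audit_interfaces(xml_text)
            if f["active"] and not f["loopback_only"]]
```

To check a real install, pass the contents of the jrun.xml file named in the thread to exposed_services() and expect an empty list once every listener is bound to 127.0.0.1.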


