ColdFusion Security Example
http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24 -7c30.html
I followed above link to create a user login function.
I want to it shows user welcome message and set login input invisible and give user logout button to logout.
It gives me login form, but it does not show welcome message and login input still on the form.
Here is my code which is exatly from above link.
Can you please help me to see any mistake in my code or modify the code to make login to show welcome message and invisible login input and give user logout button?
Your help and information is great appreciated,
Regards,
Iccsi,
<cffunction
name="OnRequestStart"
access="public"
returntype="boolean"
output="false"
hint="Fires at first part of page processing.">
<!---Define arguments.--->
<cfargument
name="TargetPage"
type="string"
required="true"
/>
<cfif IsDefined("Form.logout")>
<cflogout>
</cfif>
<cflogin>
<cfif not isdefined("cflogin")>
<cfinclude template="loginform.cfm">
<cfinclude template="index.cfm">
<cfabort>
<cfelse>
<cfif cflogin.name IS "" OR cflogin.password IS "">
<cfoutput>
<h2>You must enter text in both the user name and password fields.</h2>
</cfoutput>
<cfinclude template="Common/loginform.cfm">
<cfinclude template="index.cfm">
<cfabort>
<cfelse>
<cfstoredproc procedure="MySP" datasource="MySource">
<cfprocparam value="#cflogin.name#" cfsqltype="cf_sql_char">
<cfprocparam value="#cflogin.password#" cfsqltype="cf_sql_char">
<cfprocresult name="myUser" resultset="1">
</cfstoredproc>
<cfif myUser.UserRoles NEQ "">
<cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="#myUser.UserRoles#">
<cfelse>
<cfoutput>
<h2>Your login information is not valid.<br>
Please try again</h2>
</cfoutput>
<cfinclude template="loginform.cfm">
<cfinclude template="index.cfm">
<cfabort>
</cfif>
</cfif>
</cfif>
</cflogin>
<cfif GetAuthUser() NEQ "">
<cfoutput>
<form action="securitytest.cfm" method="post">
<input type="Submit" Name="Logout" Value="Logout">
</cfoutput>
</cfif>
<!--- Return out. --->
<cfreturn true />
</cffunction>
Hi,
Thank you for letting us know. We are checking these.
Regards,
Anit Kumar
Similar Messages
-
Does ColdFusion : Security Bulletin APSB10-11 apply to MX 7.0.2
I contacted adobe phone support and was directed to post my question to the forum because adobe doesn't provide phone support for server products.
So, Does ColdFusion : Security Bulletin APSB10-11 apply to MX 7.0.2?
In the Security Bulleting it reads like it does:
Summary
Important vulnerabilities have been identified in ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX. The vulnerabilities could lead to cross-site scripting and information disclosure.
source: http://www.adobe.com/support/security/bulletins/apsb10-11.html
However, there are no solutions in the technote:
Issue
Note: This technote and the attachments have been updated on 05/13/2010. All ColdFusion users should review the technote again. An issue when this security fix was applied with Cumulative Hot Fix 4 for ColdFusion 8.0.1 has been identified and resolved. The issue was caused by a naming conflict.
ColdFusion 9.0, 8.0.1 and 8.0 are affected with the issue mentioned in the security bulletin APSB10-11. This technote provides fixes for the security issues along with the installation instructions.
source: http://kb2.adobe.com/cps/841/cpsid_84102.html
Additionally, does anyone know if Cold Fusion MX 7.0.2 is a supported product?
Thank you any help will be benifitial.I contacted adobe phone support and was directed to post my question to the forum because adobe doesn't provide phone support for server products.
I have had phone support from them, and they were quite helpful. Do you mean they don't do free phone support? No, they don't.
I cannot believe they suggested you raise an issue on the forum. That's just sh!t. There's no other way of describing that.
Additionally, does anyone know if Cold Fusion MX 7.0.2 is a supported product?
http://www.adobe.com/support/products/enterprise/eol/eol_matrix.html#63
Only for "Extended support", whatever that is.
[searches]
Hmmm... http://www.adobe.com/support/programs/policies/terms_customer.html:
Extended Support. If version of software held by Customer at time of renewal has been end-of-lifed during the next renewal term, Customer may renew to Extended Support, provided that Extended Support is available for such software version. Information about Software that has been or soon will be end-of-lifed and Extended Support availability dates by product version are published at www.adobe.com/support. If Customer elects to purchase Extended Support, the Annual Support Fee shall be twenty-five (25%) percent of the license fee paid for the Software (if such fee cannot be established, the percentage would be based on the then-current list price of the license fee for the Software), however in no event shall the amount be less than the last renewal prior to renewing under Extended Support.
If extended support is renewed, the renewal fee would be the Annual Support Fee paid for the prior year increased by the applicable Consumer Price Index (CPI)*, for the 12-month period preceding the renewal date. Should Customer upgrade to the next major version of the Software (e.g., upgrade from 4.0 to 5.0), the Annual Support Fee for the upgraded version shall be the lesser of twenty percent (20%) of the then current list price of the license fee for such upgraded version, or the Annual Support Fee for the last renewal prior to renewing under Extended Support increased by the applicable Consumer Price Index (CPI)*, for the 12-month period preceding the renewal date.
So there you go. It's something you'd have to be paying for anyhow, and my reading of that is that it's too late to get it now anyhow.
I think this will also mean that you're definitely out of luck in regards to any sort of patching going on for CFMX7.
Adam -
Enabling ORM causes coldfusion.security.SecurityManager$UnauthenticatedCredentialsException
I'm working on a Windows 2008 Enterprise server with ColdFusion 9 Standard datasourcing MySQL 5.1. When I enable ORM in my application.cfc I receive the following error:
coldfusion.security.SecurityManager$UnauthenticatedCredentialsException
at coldfusion.security.SecurityManager.authenticateAdmin(SecurityManager.java:1826)
at coldfusion.featurerouter.handler.standard.StandardSecurityManager.authenticateAdmin(StandardSecurityManager.java:47)
at coldfusion.sql.Executive.getDatasource(Executive.java:439)
at coldfusion.orm.hibernate.HibernateConfiguration.initHibernateConfiguration(HibernateConfiguration.java:160)
at coldfusion.orm.hibernate.HibernateConfiguration.<init>(HibernateConfiguration.java:141)
at coldfusion.orm.hibernate.ConfigurationManager.initConfiguration(ConfigurationManager.java:69)
at coldfusion.orm.hibernate.HibernateProvider.InitializeORMForApplication(HibernateProvider.java:182)
at coldfusion.orm.hibernate.HibernateProvider.beforeApplicationStart(HibernateProvider.java:85)
at coldfusion.filter.ApplicationFilter.fireBeforeAppStartEvent(ApplicationFilter.java:475)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:221)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:87)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:53)
at coldfusion.CfmServlet.service(CfmServlet.java:200)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
I have confirmed the following:
CF 9 ORM does work on my development environment for this same application.
This error only occurs when I enable ORM for the CF application on this server.
I previously thought that the MySQL user for ColdFusion may not have valid permissions. However, giving that user all permissions still did not fix the error.
ORM was working for this same application in the past. One conclusion may be an issue with the latest CF hotfix provided by Adobe (which I did install about a month ago). However, I can confirm that the application did work AFTER that install.
Any suggestions on how to get ORM working would be much appreciated!The only way I could resolve this error was to reinstall ColdFusion. I've even updated CF9 with the latest hotfix and it's running fine. I'll wait and see how it goes.
-
Subscribe to only coldfusion security bulletins
How can I subscribe to *ONLY* coldfusion security bulletins. Preferably CF9 only.
thanks,
jbeeIs Microsoft is still releasing security bulletins for pre-SP1 Windows Server 2008 R2? My guess is no. The "service pack support end date" is listed as 4/9/2013.
Which is exactly what that date means. No more updates for the previous SP level(s) of the product; no more
support for systems running the previous SP level(s) of the product.
But the admin thinks pre-SP1 is still eligible for security bulletins until the end of its Extended Support
The 'admin' is incorrect, and this behavior is no different than it has been since the updates for Windows Server 2003 Service Pack 1 were cut off in April 2007. Following the cutoff date, updates are explicitly coded to ignore older SP level(s) of the product.
This should be very easy to prove to your 'admin'. Show your 'admin' a WS2008R2 *RTM* machine in the WSUS console with one of those current updates released after April 2013 and observe very closely the
Not Applicable status that is reported, and have the 'admin' contemplate why that is. Or, if no WSUS, just scan WU and try to find anything released after April 2013 in the list of available updates (assuming there are actually
any available updates at all).
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds. -
Web server–based authentication user security example
This question was posted in response to the following article: http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24 -7c35.html
Any chance of a working example?
-
Logon/security examples and tutorials and missing one
So far, I have found examples on Sun's site for:
DB based security
http://developers.sun.com/prodtech/javatools/jscreator/reference/techart/signon_app.html
JAAS security (bottom right of screen)
http://developers.sun.com/prodtech/javatools/jscreator/ea/jsc2/learning/tutorials/index.html
But suprisingly, I can not find any examples/tutorials on using container-based security (such as Tomcat/J2EE/Sun's own App Server).
To be concise, I do not see how to use web.xml's <security-constraint> tags via BASIC or FORM auth for security.
Does anyone have any more links to be added to this thread, hopefully including the infamous missing j_security_check login with JSF?
Thanky,
-DHi,
My case:
My login.jsp uses <html:form action="/postLogin" method="post"> and is inturn redirected to LoginAction action class. In the execute method of this class, after a bunch of statements, I have
return new ActionForward("j_security_check");
My web.xml looks something like -
<form-login-config>
<form-login-page>/login.do</form-login-page>
<form-error-page>/denied.do</form-error-page>
</form-login-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
What happens now is that when I try to access http://localhost:8080/..../login.do, it takes me to index.jsp by default.
My problem is, I have a third field (dropdown) in the login page - depending on which my landing page must change. How can I do this (I want to retain the container based authentication)? Please reply as I have been working on this for quite sometime without a solution :(
Thanks in adv
Sri -
Coldfusion secure FTP & digital certificates
Hello !
I am currently in the process of developing a corporate CF intranet site that is behind a corporate firewall and part of the application will need to send a data file (FTP put) to a remote FTP server using secured FTP (FTPS). I have never used Coldfusion before for either secured or unsecured FTP. I am planning on using the CFFTP tag to open the connection and send the data file but I have a number of other questions regarding the use & installation of the digital certificates.:
Current development environment setup:
CF version 9 standard edition running on Windows Server 2008 R2
Microsoft IIS 7
Current production environment setup:
CF version 9 enterprise edition running on Windows Server 2008 R2
Microsoft IIS 7
1. The data file that is being created must be sent to a finanacial institution and they will be providing a digital certificate (p12 format) to me. What do I do with that certificate once I get it ? I have installed SSL certificates before on http web sites with IIS without any issues but I am not sure what to do with the certificate for secured FTP. Do I import the certificate into IIS using the MMC snap on or does the certificate need to be integrated into Coldfusion in some other way and if so, what needs to be done ?
2. What other steps need to be prior to being able to use the CFFTP tag for a secured FTP send ?
I would appreciate as much help as possible as I haven't used CF for FTP before.
Thank you.Dave,
Thank you for answering.
1. I have imported the certificate into the cacerts file by using the following command:
keytool -import -keystore ../lib/security/cacerts -alias x -file c:\downloads\y
where x was the alias name I assigned and y was the certificate name (extension of 'der').
I tried importing a p12 and p7b certificate but neither of those worked. I received the message 'Not a valid X.509 Certificate' from the command. I then successfully imported a Base64 certificate (der). I believe the certificate has been successfully imported because I ran the following and it shows the MD5 fingerprint:
keytool -list -alias x -keystore ../lib/security/cacerts
where x is my alias name I assigned in the original import
2. I then ran the following CFM command replacing the '*'s with the appropriate server name, user name, and password
<cfftp action="open" connection="conn1" secure="yes" server="********" username="******" password="*****" port="21"
</cfftp>
I am getting the CF error
An error occurred while establishing an sFTP connection.
Verify your connection attributes: username, password, server, fingerprint, port, key, connection, proxyServer, and secure (as applicable). Error: User Authentication failed.
Any suggestions or help would be appreciated.
Thank you. -
Coldfusion Security hotfix hf901-00002 - esapiconfig log error
Just patched two new CENTOS 5.5 servers running jrun/CF EE 901 installs. Start up trace message throws errors for:
java.io.FileNotFoundException: ../logs/esapiconfig.log affecting log4j
Manually added the missing log file - still no joy.
Any ideas?The security hotfix was updated on March 7th, see http://www.petefreitag.com/item/787.cfm I think the update resolves this issue
-
We are preparing to upgrade to ColdFusion 10 from ColdFusion 8. We are particulary interested in best practices for securing the installation, in particular securing the administrator on external facing systems.
The installation will be in a Solaris environment using Oracle iPlanet Web Server.
Can anyone provide such best practices, experiences or suggestions?
Thanks in advance.Yes, there are many. (While you refer to CF10, I’ll assume you’re also open to general guidelines that apply to all releases of CF10.)
First is the “Adobe ColdFusion 9 server lockdown guide file”, at http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/910 25512-cf9-lockdownguide-wp-ue.pdf.
There is also the “ColdFusion 8 developer security guidelines file”, at ColdFusion 8 developer security guidelines file.
Both of these are listed at the bottom of (because they’re older) of the CF Security center site:
http://www.adobe.com/devnet/coldfusion/security.html
As for CF10 security, there have been many changes, discussed among other places here: http://www.adobe.com/devnet/coldfusion/articles/security-improvements.html (which is also listed on that security center). It also has preso recordings and more.
As for CF security in general, the “go to guy” for that (who in fact wrote that Lockdown guide) is Pete Freitag, who with his company Foundeo (foundeo.com) offer still other resources (info and tools), among which the most important is the free HackMyCF.com service (which offers additional commercial features), which can scan your server and identify vulnerabilities and recommends fixes.
Finally, as for your root question of securing your Admin, that’s best done by either securing its access with your external web server (iPlanet, in your case) which can involve requiring basic, digest, or other additional authentication (beyond CF’s password), limiting IP addresses that can access it, and more. Those are features of the web server, though, not CF.
On the other hand, some resort to NOT allowing access to the CF Admin (via that external web server) and let it be accessed only via CF’s internal web server (Tomcat’s web server, in CF10). Because by default that works on a port other than 80 (8500, for instance), that would be blocked on your server unless opened in your firewall. Surprisingly, I find that this idea is not discussed in either of the first two guides above. But the CF documentation (both the Installing, and the Configuring and Administering manuals) does discuss the internal web server.
Hope that helps.
/charlie -
Locking down coldfusion for security threats
Hi,
We were looking to lockdown our coldfusion server from outside threats and have lookd at multiple forums for it. Most of them were referring to run coldfusion under an unprivileged user account (other than administrator).
Has anyone done similar kind of configuration before as we haven't got any clue how to do this. We will appreciate if someone could write down all the steps to do it.
Thanks
Steve Jordan
http://hyve.comDepending on the version you are running, Adobe has lockdown guides for securing ColdFusion.
ColdFusion 10: http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guid e.pdf
ColdFusion 9: http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/910 25512-cf9-lockdownguide-wp-ue.pdf
They were written for Adobe by Pete Freitag of Foundeo. Pete is a ColdFusion security guru.
-Carl -
Memory leak after upgrading to ColdFusion 10
We recently upgraded from CF8 to CF10 and we're running into some issues. We started off getting a lot of OutOfMemory errors with the default heap settings. Chaning them to 768MB/1280MB which has helped, but we're still running into occasional OOM issues. We took a heapdump as the instance was having problems today with blocked threads and noticed the heap usage was near the max so it was probably going to run out of memory soon too. Below is what the eclipse memory analyzer tool found as a possible leak suspect. Does anyone have any suggestions on where to go from here? Not sure if it's an issue with CF itself or something in the app. Thanks
Description
One instance of "coldfusion.runtime.ClientScopeServiceImpl" loaded by "coldfusion.bootstrap.BootstrapClassLoader @ 0x120bbaf0" occupies 838,847,880 (88.33%) bytes. The memory is accumulated in one instance of "java.util.HashMap$Entry[]" loaded by "<system class loader>".
Keywords
coldfusion.runtime.ClientScopeServiceImpl
java.util.HashMap$Entry[]
coldfusion.bootstrap.BootstrapClassLoader @ 0x120bbaf0
Shortest Paths To the Accumulation Point
Class Name
Shallow Heap
Retained Heap
java.util.HashMap$Entry[524288] @ 0x3b88e058
2,097,168
838,843,064
table java.util.HashMap @ 0x1212d2f8
48
838,843,112
sharedClientScopeMap coldfusion.runtime.ClientScopeServiceImpl @ 0x1212af08
88
838,847,880
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x100f16d8 ajp-bio-51010-exec-20 Thread
112
21,624
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x103df100 ajp-bio-51010-exec-36 Thread
112
19,552
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x1043f0e0 ajp-bio-51010-exec-72 Thread
112
19,392
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x10a8eec0 ajp-bio-51010-exec-83 Thread
112
22,288
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x10befce8 ajp-bio-51010-exec-54 Thread
112
18,256
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x11d35e18 ajp-bio-51010-exec-5 Thread
112
23,776
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x121b97e0 ajp-bio-51010-exec-68 Thread
112
18,160
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x123c4f88 ajp-bio-51010-exec-74 Thread
112
18,816
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x123c5078 ajp-bio-51010-exec-27 Thread
112
19,784
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x12693f30 ajp-bio-51010-exec-75 Thread
112
19,208
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x126e7ff8 ajp-bio-51010-exec-26 Thread
112
19,200
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x1297dd60 ajp-bio-51010-exec-78 Thread
112
20,592
<Java Local> org.apache.tomcat.util.threads.TaskThread @ 0x12d3a818 ajp-bio-51010-exec-73 Thread
112
21,304
service class coldfusion.runtime.AppHelper @ 0x12fae868 »
112
1,032
clientScope class coldfusion.server.ServiceFactory @ 0x11047060 »
96
55,184
Total: 15 entries
Accumulated Objects
Class Name
Shallow Heap
Retained Heap
Percentage
coldfusion.runtime.ClientScopeServiceImpl @ 0x1212af08
88
838,847,880
88.33%
java.util.HashMap @ 0x1212d2f8
48
838,843,112
88.33%
java.util.HashMap$Entry[524288] @ 0x3b88e058
2,097,168
838,843,064
88.33%
java.util.HashMap$Entry @ 0x25370040
24
51,409,128
5.41%
java.util.HashMap$Entry @ 0x1b878cf8
24
12,173,192
1.28%
java.util.HashMap$Entry @ 0x15d049c8
24
10,685,760
1.13%
java.util.HashMap$Entry @ 0x41af3d98
24
10,587,208
1.11%
java.util.HashMap$Entry @ 0x3ff95918
24
10,443,664
1.10%
java.util.HashMap$Entry @ 0x43c422b0
24
9,886,280
1.04%
java.util.HashMap$Entry @ 0x3eec68a8
24
9,723,216
1.02%
java.util.HashMap$Entry @ 0x230c3078
24
9,254,288
0.97%
java.util.HashMap$Entry @ 0x2e36cab8
24
6,494,488
0.68%
java.util.HashMap$Entry @ 0x45e499e8
24
6,178,320
0.65%
java.util.HashMap$Entry @ 0x2a91c258
24
4,008,048
0.42%
java.util.HashMap$Entry @ 0x4260ee28
24
3,542,552
0.37%
java.util.HashMap$Entry @ 0x3dfb9e98
24
3,503,072
0.37%
java.util.HashMap$Entry @ 0x43f354a0
24
2,908,120
0.31%
java.util.HashMap$Entry @ 0x1adfb600
24
2,197,056
0.23%
java.util.HashMap$Entry @ 0x4469eee0
24
2,050,528
0.22%
java.util.HashMap$Entry @ 0x4443dea8
24
2,034,224
0.21%
java.util.HashMap$Entry @ 0x41b79ff0
24
1,846,808
0.19%
java.util.HashMap$Entry @ 0x40931b50
24
1,846,784
0.19%
java.util.HashMap$Entry @ 0x40c62310
24
1,846,784
0.19%
Total: 20 entries
480
162,619,520
0.171
Accumulated Objects by Class
Label
Number of Objects
Used Heap Size
Retained Heap Size
java.util.HashMap$Entry
First 10 of 190,465 objects
190,465
4,571,160
836,711,024
java.lang.String
First 10 of 253 objects
253
6,072
26,408
java.lang.reflect.Method
First 10 of 57 objects
57
4,560
4,560
coldfusion.runtime.ClientScope
All 1 objects
1
56
2,632
java.lang.Class[]
First 10 of 73 objects
73
1,248
1,248
coldfusion.runtime.ClientScopeKey
All 1 objects
1
24
24
java.lang.Class
All 2 objects
2
0
0
Total: 7 entries
190,852
4,583,120
836,745,896Hi Sharma,
Here's the settings summary from the console. The OOM issue is now happening about 1-2 times weekly after increasing the heap size. Before that it was almost daily. It seems we can go about 75-85 hours before we restart due to either OOM or blocked threads.
Settings Summary
Server Settings > Settings Summary
Report generated on Sep 25, 2014 12:08 PM
This report shows the status of all ColdFusion configuration settings. To display the area of the ColdFusion Administrator where you can edit the group settings, click any of the groups in the report.
System Information
Server Details
Server Product ColdFusion
Version ColdFusion 10,286680
Edition Enterprise
Operating System Windows 2003
OS Version 5.2
Update Level /D:/ColdFusion10/cfusion/lib/updates/chf10000012.jar
Adobe Driver Version 4.1 (Build 0001)
JVM Details
Java Version 1.7.0_15
Java Vendor Oracle Corporation
Java Vendor URL http://java.oracle.com/
Java Home D:\ColdFusion10\jre
Java File Encoding Cp1252
Java Default Locale en_US
File Separator \
Path Separator ;
Line Separator Chr(13)
User Name SYSTEM
User Home C:\Documents and Settings\Default User
User Dir D:\ColdFusion10\cfusion\bin
Java VM Specification Version 1.7
Java VM Specification Vendor Oracle Corporation
Java VM Specification Name Java Virtual Machine Specification
Java VM Version 23.7-b01
Java VM Vendor Oracle Corporation
Java VM Name Java HotSpot(TM) Server VM
Java Specification Version 1.7
Java Specification Vendor Oracle Corporation
Java Specification Name Java Platform API Specification
Java Class Version 51.0
CF Server Java Class Path ;D:/ColdFusion10/cfusion/lib/updates/chf10000012.jar; D:/ColdFusion10/cfusion/lib/ant-launcher.jar; D:/ColdFusion10/cfusion/lib/ant.jar; D:/ColdFusion10/cfusion/lib/antlr-2.7.6.jar; D:/ColdFusion10/cfusion/lib/apache-solr-core.jar; D:/ColdFusion10/cfusion/lib/apache-solr-solrj.jar; D:/ColdFusion10/cfusion/lib/asm-all-3.1.jar; D:/ColdFusion10/cfusion/lib/asn1.jar; D:/ColdFusion10/cfusion/lib/axis.jar; D:/ColdFusion10/cfusion/lib/backport-util-concurrent.jar; D:/ColdFusion10/cfusion/lib/bcel-5.1-jnbridge.jar; D:/ColdFusion10/cfusion/lib/bcel.jar; D:/ColdFusion10/cfusion/lib/bcmail-jdk14-139.jar; D:/ColdFusion10/cfusion/lib/bcprov-jdk14-139.jar; D:/ColdFusion10/cfusion/lib/cdo.jar; D:/ColdFusion10/cfusion/lib/cdohost.jar; D:/ColdFusion10/cfusion/lib/certj.jar; D:/ColdFusion10/cfusion/lib/cf-acrobat.jar; D:/ColdFusion10/cfusion/lib/cf-assembler.jar; D:/ColdFusion10/cfusion/lib/cf-logging.jar; D:/ColdFusion10/cfusion/lib/cf4was.jar; D:/ColdFusion10/cfusion/lib/cf4was_ae.jar; D:/ColdFusion10/cfusion/lib/cfusion-req.jar; D:/ColdFusion10/cfusion/lib/cfusion.jar; D:/ColdFusion10/cfusion/lib/chart.jar; D:/ColdFusion10/cfusion/lib/clibwrapper_jiio.jar; D:/ColdFusion10/cfusion/lib/commons-beanutils-1.8.0.jar; D:/ColdFusion10/cfusion/lib/commons-codec-1.3.jar; D:/ColdFusion10/cfusion/lib/commons-collections-3.2.1.jar; D:/ColdFusion10/cfusion/lib/commons-compress-1.0.jar; D:/ColdFusion10/cfusion/lib/commons-digester-2.0.jar; D:/ColdFusion10/cfusion/lib/commons-discovery-0.4.jar; D:/ColdFusion10/cfusion/lib/commons-httpclient-3.1.jar; D:/ColdFusion10/cfusion/lib/commons-lang-2.4.jar; D:/ColdFusion10/cfusion/lib/commons-logging-1.1.1.jar; D:/ColdFusion10/cfusion/lib/commons-logging-api-1.1.1.jar; D:/ColdFusion10/cfusion/lib/commons-net-3.0.1.jar; D:/ColdFusion10/cfusion/lib/commons-vfs2-2.0.jar; D:/ColdFusion10/cfusion/lib/crystal.jar; D:/ColdFusion10/cfusion/lib/derby.jar; D:/ColdFusion10/cfusion/lib/derbyclient.jar; D:/ColdFusion10/cfusion/lib/derbynet.jar; D:/ColdFusion10/cfusion/lib/derbyrun.jar; D:/ColdFusion10/cfusion/lib/derbytools.jar; D:/ColdFusion10/cfusion/lib/dom4j-1.6.1.jar; D:/ColdFusion10/cfusion/lib/dpHibernate.jar; D:/ColdFusion10/cfusion/lib/ehcache-core-2.5.1.jar; D:/ColdFusion10/cfusion/lib/ehcache-web-2.0.4.jar; D:/ColdFusion10/cfusion/lib/esapi-2.0.1.jar; D:/ColdFusion10/cfusion/lib/EWSAPI-1.1.5.jar; D:/ColdFusion10/cfusion/lib/FCSj.jar; D:/ColdFusion10/cfusion/lib/flashgateway.jar; D:/ColdFusion10/cfusion/lib/flex-messaging-common.jar; D:/ColdFusion10/cfusion/lib/flex-messaging-core.jar; D:/ColdFusion10/cfusion/lib/flex-messaging-opt.jar; D:/ColdFusion10/cfusion/lib/flex-messaging-proxy.jar; D:/ColdFusion10/cfusion/lib/flex-messaging-remoting.jar; D:/ColdFusion10/cfusion/lib/flex-rds-server.jar; D:/ColdFusion10/cfusion/lib/geronimo-stax-api_1.0_spec-1.0.1.jar; D:/ColdFusion10/cfusion/lib/hibernate3.jar; D:/ColdFusion10/cfusion/lib/httpclient-4.1.1.jar; D:/ColdFusion10/cfusion/lib/httpclient-cache-4.1.1.jar; D:/ColdFusion10/cfusion/lib/httpclient.jar; D:/ColdFusion10/cfusion/lib/httpcore_4.1.2.jar; D:/ColdFusion10/cfusion/lib/httpmime-4.1.1.jar; D:/ColdFusion10/cfusion/lib/ib6addonpatch.jar; D:/ColdFusion10/cfusion/lib/ib6core.jar; D:/ColdFusion10/cfusion/lib/ib6http.jar; D:/ColdFusion10/cfusion/lib/ib6swing.jar; D:/ColdFusion10/cfusion/lib/ib6util.jar; D:/ColdFusion10/cfusion/lib/im.jar; D:/ColdFusion10/cfusion/lib/iText.jar; D:/ColdFusion10/cfusion/lib/iTextAsian.jar; D:/ColdFusion10/cfusion/lib/izmado.jar; D:/ColdFusion10/cfusion/lib/jai_codec.jar; D:/ColdFusion10/cfusion/lib/jai_core.jar; D:/ColdFusion10/cfusion/lib/jai_imageio.jar; D:/ColdFusion10/cfusion/lib/jakarta-oro-2.0.6.jar; D:/ColdFusion10/cfusion/lib/jakarta-slide-webdavlib-2.1.jar; D:/ColdFusion10/cfusion/lib/java-xmlbuilder-0.4.jar; D:/ColdFusion10/cfusion/lib/javasysmon-0.3.3.jar; D:/ColdFusion10/cfusion/lib/jax-qname.jar; D:/ColdFusion10/cfusion/lib/jaxb-api.jar; D:/ColdFusion10/cfusion/lib/jaxb-impl.jar; D:/ColdFusion10/cfusion/lib/jaxb-libs.jar; D:/ColdFusion10/cfusion/lib/jaxb-xjc.jar; D:/ColdFusion10/cfusion/lib/jaxrpc.jar; D:/ColdFusion10/cfusion/lib/jcifs-1.3.15.jar; D:/ColdFusion10/cfusion/lib/jdom.jar; D:/ColdFusion10/cfusion/lib/jeb.jar; D:/ColdFusion10/cfusion/lib/jersey-core.jar; D:/ColdFusion10/cfusion/lib/jersey-server.jar; D:/ColdFusion10/cfusion/lib/jersey-servlet.jar; D:/ColdFusion10/cfusion/lib/jets3t-0.8.1.jar; D:/ColdFusion10/cfusion/lib/jetty-continuation-7.0.0.v20091005.jar; D:/ColdFusion10/cfusion/lib/jetty-http-7.0.0.v20091005.jar; D:/ColdFusion10/cfusion/lib/jetty-io-7.0.0.v20091005.jar; D:/ColdFusion10/cfusion/lib/jetty-security-7.0.0.v20091005.jar; D:/ColdFusion10/cfusion/lib/jetty-server-7.0.0.v20091005.jar; D:/ColdFusion10/cfusion/lib/jetty-servlet-7.0.0.v20091005.jar; D:/ColdFusion10/cfusion/lib/jetty-servlets-7.0.0.v20091005.jar; D:/ColdFusion10/cfusion/lib/jetty-util-7.0.0.v20091005.jar; D:/ColdFusion10/cfusion/lib/jetty-xml-7.0.0.v20091005.jar; D:/ColdFusion10/cfusion/lib/jintegra.jar; D:/ColdFusion10/cfusion/lib/jnbcore.jar; D:/ColdFusion10/cfusion/lib/jpedal.jar; D:/ColdFusion10/cfusion/lib/js.jar; D:/ColdFusion10/cfusion/lib/jsch-0.1.44m.jar; D:/ColdFusion10/cfusion/lib/jsr107cache.jar; D:/ColdFusion10/cfusion/lib/jsr311-api-1.1.1.jar; D:/ColdFusion10/cfusion/lib/jta.jar; D:/ColdFusion10/cfusion/lib/jutf7-0.9.0.jar; D:/ColdFusion10/cfusion/lib/ldap.jar; D:/ColdFusion10/cfusion/lib/ldapbp.jar; D:/ColdFusion10/cfusion/lib/log4j-1.2.15.jar; D:/ColdFusion10/cfusion/lib/lucene-analyzers-3.4.0.jar; D:/ColdFusion10/cfusion/lib/lucene-core-3.4.0.jar; D:/ColdFusion10/cfusion/lib/lucene-highlighter-3.4.0.jar; D:/ColdFusion10/cfusion/lib/lucene-memory-3.4.0.jar; D:/ColdFusion10/cfusion/lib/lucenedemo.jar; D:/ColdFusion10/cfusion/lib/macromedia_drivers.jar; D:/ColdFusion10/cfusion/lib/mail.jar; D:/ColdFusion10/cfusion/lib/metadata-extractor-2.4.0-beta-1.jar; D:/ColdFusion10/cfusion/lib/mlibwrapper_jai.jar; D:/ColdFusion10/cfusion/lib/msapps.jar; D:/ColdFusion10/cfusion/lib/mysql-connector-java-commercial-5.1.17-bin.jar; D:/ColdFusion10/cfusion/lib/namespace.jar; D:/ColdFusion10/cfusion/lib/nekohtml.jar; D:/ColdFusion10/cfusion/lib/netty-3.2.5.Final.jar; D:/ColdFusion10/cfusion/lib/ooxml-schemas.jar; D:/ColdFusion10/cfusion/lib/pdfencryption.jar; D:/ColdFusion10/cfusion/lib/poi-contrib.jar; D:/ColdFusion10/cfusion/lib/poi-ooxml-schemas.jar; D:/ColdFusion10/cfusion/lib/poi-ooxml.jar; D:/ColdFusion10/cfusion/lib/poi-scratchpad.jar; D:/ColdFusion10/cfusion/lib/poi.jar; D:/ColdFusion10/cfusion/lib/portlet_20.jar; D:/ColdFusion10/cfusion/lib/postgresql-8.3-604.jdbc3.jar; D:/ColdFusion10/cfusion/lib/quartz.jar; D:/ColdFusion10/cfusion/lib/relaxngDatatype.jar; D:/ColdFusion10/cfusion/lib/ri_generic.jar; D:/ColdFusion10/cfusion/lib/rome-cf.jar; D:/ColdFusion10/cfusion/lib/saaj.jar; D:/ColdFusion10/cfusion/lib/saxon9he.jar; D:/ColdFusion10/cfusion/lib/serializer.jar; D:/ColdFusion10/cfusion/lib/slf4j-api-1.5.6.jar; D:/ColdFusion10/cfusion/lib/slf4j-log4j12-1.5.6.jar; D:/ColdFusion10/cfusion/lib/smack.jar; D:/ColdFusion10/cfusion/lib/smpp.jar; D:/ColdFusion10/cfusion/lib/STComm.jar; D:/ColdFusion10/cfusion/lib/tagsoup-1.2.jar; D:/ColdFusion10/cfusion/lib/tika-core-0.6.jar; D:/ColdFusion10/cfusion/lib/tika-parsers-0.6.jar; D:/ColdFusion10/cfusion/lib/tools.jar; D:/ColdFusion10/cfusion/lib/tt-bytecode.jar; D:/ColdFusion10/cfusion/lib/wc50.jar; D:/ColdFusion10/cfusion/lib/webchartsJava2D.jar; D:/ColdFusion10/cfusion/lib/wsdl4j-1.6.2.jar; D:/ColdFusion10/cfusion/lib/wsrp4j-commons-0.5-SNAPSHOT.jar; D:/ColdFusion10/cfusion/lib/wsrp4j-producer.jar; D:/ColdFusion10/cfusion/lib/xalan.jar; D:/ColdFusion10/cfusion/lib/xercesImpl.jar; D:/ColdFusion10/cfusion/lib/xml-apis.jar; D:/ColdFusion10/cfusion/lib/xmlbeans-2.3.0.jar; D:/ColdFusion10/cfusion/lib/xmpcore.jar; D:/ColdFusion10/cfusion/lib/xsdlib.jar; D:/ColdFusion10/cfusion/lib/; D:/ColdFusion10/cfusion/lib/axis2/axiom-api-1.2.13.jar; D:/ColdFusion10/cfusion/lib/axis2/axiom-dom-1.2.13.jar; D:/ColdFusion10/cfusion/lib/axis2/axiom-impl-1.2.13.jar; D:/ColdFusion10/cfusion/lib/axis2/axis2-adb-1.7.0.jar; D:/ColdFusion10/cfusion/lib/axis2/axis2-adb-codegen-1.7.0.jar; D:/ColdFusion10/cfusion/lib/axis2/axis2-codegen-1.7.0.jar; D:/ColdFusion10/cfusion/lib/axis2/axis2-jaxws-1.7.0.jar; D:/ColdFusion10/cfusion/lib/axis2/axis2-kernel-1.7.0.jar; D:/ColdFusion10/cfusion/lib/axis2/axis2-transport-http-1.7.0.jar; D:/ColdFusion10/cfusion/lib/axis2/axis2-transport-local-1.7.0.jar; D:/ColdFusion10/cfusion/lib/axis2/commons-fileupload-1.2.jar; D:/ColdFusion10/cfusion/lib/axis2/commons-io-1.4.jar; D:/ColdFusion10/cfusion/lib/axis2/geronimo-ws-metadata_2.0_spec-1.1.2.jar; D:/ColdFusion10/cfusion/lib/axis2/httpcore-4.0.jar; D:/ColdFusion10/cfusion/lib/axis2/neethi-3.0.2.jar; D:/ColdFusion10/cfusion/lib/axis2/woden-api-1.0.jar; D:/ColdFusion10/cfusion/lib/axis2/woden-impl-commons-1.0.jar; D:/ColdFusion10/cfusion/lib/axis2/woden-impl-dom-1.0.jar; D:/ColdFusion10/cfusion/lib/axis2/wsdl4j-1.6.2.jar; D:/ColdFusion10/cfusion/lib/axis2/wstx-asl-3.2.9.jar; D:/ColdFusion10/cfusion/lib/axis2/XmlSchema-1.4.8.jar; D:/ColdFusion10/cfusion/lib/axis2/; D:/ColdFusion10/cfusion/gateway/lib/examples.jar; D:/ColdFusion10/cfusion/gateway/lib/; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/flex/jars/cfgatewayadapter.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/flex/jars/concurrent.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/flex/jars/; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/batik-awt-util.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/batik-css.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/batik-ext.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/batik-transcoder.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/batik-util.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/commons-discovery.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/commons-logging.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/concurrent.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/flex.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/jakarta-oro-2.0.7.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/jcert.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/jnet.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/jsse.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/oscache.jar; D:/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/jars/;
Java Class Path D:\\ColdFusion10\\cfusion\lib\oosdk\lib;
D:\\ColdFusion10\\cfusion\lib\oosdk\classes;
D:\ColdFusion10\cfusion\bin\..\runtime\bin\tomcat-juli.jar;
D:\ColdFusion10\cfusion\bin\cf-bootstrap.jar
Java Ext Dirs D:\ColdFusion10\jre\lib\ext;C:\WINDOWS\Sun\Java\lib\ext
Printer Details
Default Printer
Printers
Server Information
General Settings
Timeout requests Yes
Enable Per App Settings Yes
Request Time Limit 120 seconds
Use UUID for CFToken Yes
Disable Service Factory No
Protect serialized JSON No
Protect Serialized JSON Prefix //
Missing Template Handler /404b.cfm
Site-wide Error Handler /errorCatch.cfm
Enable HTTP status codes Yes
Enable Global Script Protection Yes
ORMSearch Index Directory
Default CFForm ScriptSrc Directory /CFIDE/scripts/
Google Map Key
Maximum size of post data 100 MB
Request Throttle Threshold 4 MB
Request Throttle Memory 200 MB
Request Tuning
Simultaneous request limit 20
Flash Remoting request limit 5
Web Service request limit 20
CFC request limit 20
CFThread Pool Size 10
Maximum number of report threads 8
Request Queue Timeout 120 seconds
Request Queue Timeout Page
Caching
Template cache size 150 templates
Enable trusted cache No
Cached query limit 500
Save Class Files Yes
Client Variable Settings
Default client variable store ecom
Purge Interval 1 hours 7 minutes
Client Stores
Registry
Type REGISTRY
Description System registry.
Purge data after time limit Yes
Time limit 90 days
Disable global updates No
ecom
Type JDBC
Description
Purge data after time limit No
Time limit 2 days
Disable global updates Yes
Cookie
Type COOKIE
Description Client based text file.
Purge data after time limit Yes
Time limit 10 days
Disable global updates No
Memory Variables
J2EE Sessions No
Application Variables
Enable Application Variables Yes
Default Timeout 2,0,0,0
Maximum Timeout 2,0,0,0
Session Variables
Enable session variables Yes
Default Timeout 0,0,20,0
Maximum Timeout 2,0,0,0
ColdFusion Mappings
/gateway D:\ColdFusion10\cfusion\gateway\cfc
/CFIDE D:\ColdFusion10\cfusion\wwwroot\CFIDE
Mail Connection Settings
Default Server Port 25
Connection Timeout 60 seconds
Spool Interval 30 seconds
Mail Delivery Threads 10
Maintain Connection to Mail Server Yes
Spool Messages To disk
Max Messages Spooled to Memory 50000
Default CFMail Charset UTF-8
Use SSL Connection No
Use TLS No
Default Mail Server
smtp.example.com
Server smtp.example.com
Port 25
Username
Password
Backup Mail Servers
smtp-backup.example.com
Server smtp-backup.example.com
Port 25
Username
Password
Mail Logging Settings
Log Severity warning
Log all E-mail messages sent by ColdFusion Yes
Charting
Cache Type disk images
Maximum number of images in cache 50 images
Maximum number of charting threads 4
Disk cache location D:\ColdFusion10\cfusion\charting\cache
Data & Services
Database Data Sources
GES
CF data source name GES
Description
Driver MSSQLServer
JDBC URL jdbc:macromedia:sqlserver://MSSQL:1433;databaseName=GES;SelectMethod=direct;sendStringPar ametersAsUnicode=false;querytimeout=0;MaxPooledStatements=100
Username sa
Login timeout 30 seconds
Long text buffer size 64000
Timeout 1200 seconds
Maintain connections Yes
Interval 420 seconds
Restricted SQL operations
Disable connections No
cfcodeexplorer
CF data source name cfcodeexplorer
Description
Driver Apache Derby Embedded
JDBC URL jdbc:derby:D:\ColdFusion10\cfusion\db\cfcodeexplorer;create=false
Username
Login timeout 30 seconds
Long text buffer size 64000
Timeout 1200 seconds
Maintain connections Yes
Interval 420 seconds
Restricted SQL operations
Disable connections No
ecom
CF data source name ecom
Description
Driver
JDBC URL jdbc:macromedia:oracle://10.10.120.13:1521;serviceName=ecom;alternateServers=(10.10.120.1 4:1521);loadBalancing=true
Username user
Login timeout 30 seconds
Long text buffer size 64000
Timeout 1200 seconds
Maintain connections Yes
Interval 420 seconds
Restricted SQL operations
Disable connections No
cfbookclub
CF data source name cfbookclub
Description
Driver Apache Derby Embedded
JDBC URL jdbc:derby:D:\ColdFusion10\cfusion\db\bookclub;create=false
Username
Login timeout 30 seconds
Long text buffer size 64000
Timeout 1200 seconds
Maintain connections Yes
Interval 420 seconds
Restricted SQL operations
Disable connections No
ecomd
CF data source name ecomd
Description
Driver Oracle
JDBC URL jdbc:macromedia:oracle://ORACLE:1521;SID=ecomd;AuthenticationMethod=userIDPassword;sendSt ringParametersAsUnicode=false;querytimeout=0;MaxPooledStatements=100
Username ges
Login timeout 30 seconds
Long text buffer size 64000
Timeout 1200 seconds
Maintain connections Yes
Interval 420 seconds
Restricted SQL operations
Disable connections No
GES_New
CF data source name GES
Description
Driver MSSQLServer
JDBC URL jdbc:macromedia:sqlserver://MSSQL\MSSQL:1433;databaseName=GES;SelectMethod=direct;sendStr ingParametersAsUnicode=false;querytimeout=0;MaxPooledStatements=100
Username user
Login timeout 30 seconds
Long text buffer size 64000
Timeout 1200 seconds
Maintain connections Yes
Interval 420 seconds
Restricted SQL operations
Disable connections No
E1_Oracle
CF data source name E1
Description
Driver Oracle
JDBC URL jdbc:macromedia:oracle://ORACLE:1516;SID=E1;AuthenticationMethod=userIDPassword;sendStrin gParametersAsUnicode=false;querytimeout=0;MaxPooledStatements=100
Username user
Login timeout 30 seconds
Long text buffer size 64000
Timeout 1200 seconds
Maintain connections Yes
Interval 420 seconds
Restricted SQL operations
Disable connections No
cfdocexamples
CF data source name cfdocexamples
Description
Driver Apache Derby Embedded
JDBC URL jdbc:derby:D:\ColdFusion10\cfusion\db\cfdocexamples;create=false
Username
Login timeout 30 seconds
Long text buffer size 64000
Timeout 1200 seconds
Maintain connections Yes
Interval 420 seconds
Restricted SQL operations
Disable connections No
cfartgallery
CF data source name cfartgallery
Description
Driver Apache Derby Embedded
JDBC URL jdbc:derby:D:\ColdFusion10\cfusion\db\artgallery;create=false
Username
Login timeout 30 seconds
Long text buffer size 64000
Timeout 1200 seconds
Maintain connections Yes
Interval 420 seconds
Restricted SQL operations
Disable connections No
Web Services
Debugging & Logging
Debugging Settings
Enable debugging No
Enable Robust Exception Information No
Display format classic.cfm
Execution times Yes
Execution time format summary
Execution time highlight threshold 250 ms
Database activity Yes
Exception information Yes
Tracing information Yes
Timer Information No
Variables Yes
Variables
Application Yes
CGI Yes
Client Yes
Cookie Yes
Form Yes
Request Yes
Server No
Session No
URL Yes
Debugging IP Addresses
Debugging IP Address Restrictions
Line Debugger Settings
Allow Line Debugging NO
Debugger Port 5005
Max Simultaneous Debugging Sessions 5
Logging Settings
Log directory D:\ColdFusion10\cfusion\logs
Maximum file size 5000 KB
Maximum number of archives 10
Log slow pages Yes
Slow page time limit 60 seconds
Log CORBA calls No
Log scheduled tasks No
Schedule Tasks & Probes
Scheduled Tasks
Auto Replenish Notify S9 Order Min Levels Reached
Start Date 9/2/2014
End Date
Interval Daily
Start Time 2:05:00 AM
URL http://server1.example.com/index.cfm?fuseaction=rfid.SendReplenishEmails
Username
Timeout
Proxy Server
Proxy Port 80
Save output to file No
Publish path
Publish filename
Resolve URLs No
Auto Replenish Notify Customer Badge Replenishment
Start Date 9/2/2014
End Date
Interval Daily
Start Time 2:00:00 AM
URL http://server1.example.com/uri1/act_notifyUserBadge.cfm
Username
Timeout
Proxy Server
Proxy Port 80
Save output to file No
Publish path
Publish filename
Resolve URLs No
Auto Replenish
Start Date 9/2/2014
End Date
Interval Daily
Start Time 2:10:00 AM
URL http://server1.example.com/uri1/uri2/uri3/Replenish2.cfm
Username
Timeout
Proxy Server
Proxy Port 80
Save output to file No
Publish path
Publish filename
Resolve URLs No
Contact Updates and Registrations
Start Date 9/2/2014
End Date
Interval 65
Start Time 12:05:00 AM
URL http://server1.example.com/index.cfm?fuseaction=intCRM.sendCRMObjects
Username
Timeout
Proxy Server
Proxy Port 80
Save output to file No
Publish path
Publish filename
Resolve URLs No
System Probes
Extensions
Java Applets
CFX Tags
cfx_xml2cfx
Tag name cfx_xml2cfx
Description
Type CPP
Server library c:\cfusion8\cfx\xml2cfx\cfx_xml2cfx.dll
Keep library loaded true
Procedure ProcessTagRequest
cfx_encrypt_aes
Tag name cfx_encrypt_aes
Description DB encryption library
Type CPP
Server library C:\cfusion8\cfx\aes\cfx_encrypt_aes.dll
Keep library loaded true
Procedure ProcessTagRequest
cfx_exec
Tag name cfx_exec
Description
Type CPP
Server library c:\CFusion8\cfx\exec\cfx_exec.dll
Keep library loaded true
Procedure ProcessTagRequest
Custom Tag Paths
D:\web\app1\app2\app3\activedit3
D:\ColdFusion10\cfusion/CustomTags
D:\ColdFusion8\CustomTags
CORBA
Selected connector [ none]
Connectors
Event Gateways
Settings
Enable Event Gateway Yes
Thread Pool Size 10
Max Queue Size 25000
Gateway Types
SMS
Description Handles SMS text messaging
Class coldfusion.eventgateway.sms.SMSGateway
Timeout 30 seconds
Kill On Timeout Yes
XMPP
Description Handles XMPP instant messaging
Class coldfusion.eventgateway.im.XMPPGateway
Timeout 30 seconds
Kill On Timeout Yes
SAMETIME
Description Handles Lotus SAMETIME instant messaging
Class coldfusion.eventgateway.im.SAMETIMEGateway
Timeout 30 seconds
Kill On Timeout Yes
DirectoryWatcher
Description Watches a directory for file changes
Class examples.watcher.DirectoryWatcherGateway
Timeout 30 seconds
Kill On Timeout Yes
Socket
Description Listens on a socket
Class examples.socket.SocketGateway
Timeout 30 seconds
Kill On Timeout Yes
CFML
Description Handles asynchronous events through CFCs
Class coldfusion.eventgateway.cfml.CfmlGateway
Timeout 30 seconds
Kill On Timeout Yes
JMS
Description Handles Java Messaging Service messages
Class examples.JMS.JMSGateway
Timeout 30 seconds
Kill On Timeout Yes
ActiveMQ
Description Handles Apache ActiveMQ JMS messages
Class examples.ActiveMQ.JMSGateway
Timeout 30 seconds
Kill On Timeout Yes
DataServicesMessaging
Description Handles Data Services Messaging messages
Class coldfusion.eventgateway.flex.FlexMessagingGateway
Timeout 30 seconds
Kill On Timeout No
FMS
Description Handles Flash Media Server shared objects
Class coldfusion.eventgateway.fms.FMSGateway
Timeout 30 seconds
Kill On Timeout Yes
DataManagement
Description Notifies Data Management Services of data changes
Class coldfusion.eventgateway.flex.FlexDataManagementGateway
Timeout 30 seconds
Kill On Timeout Yes
Security
CF Admin Authentication
Enable authentication for the ColdFusion Administrator Yes
Allow access to ColdFusion Administrator with a Single password No
RDS Authentication
Enable authentication for RDS access Yes
Allow access through RDS with Single password Yes
Security Sandboxes
Enable ColdFusion Security No
jvm.config
# VM configuration
# Where to find JVM, if {java.home}/jre exists then that JVM is used
# if not then it must be the path to the JRE itself
java.home=D:\\ColdFusion10\\jre
application.home=D:\\ColdFusion10\\cfusion
# If no java.home is specified a VM is located by looking in these places in this
# order:
# 1) ../runtime/jre
# 2) registry (windows only)
# 3) JAVA_HOME env var plus jre (ie $JAVA_HOME/jre)
# 4) java.exe in path
# Arguments to VM
java.args=-server -Xms768m -Xmx1280m -XX:MaxPermSize=192m -XX:+UseParallelGC -Xbatch -Dcoldfusion.home={application.home} -Dcoldfusion.rootDir={application.home} -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dges.config.serverEnvironment=prod2 -Dges.config.webServerHostName=server1.example.com -Dcom.sun.management.jmxremote.port=8880 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcoldfusion.classPath={application.home}/lib/updates,{application.home}/lib,{application .home}/lib/axis2,{application.home}/gateway/lib/,{application.home}/wwwroot/WEB-INF/flex/j ars,{application.home}/wwwroot/WEB-INF/cfform/jars
# Comma separated list of shared library path
java.library.path={application.home}/lib,{application.home}/jintegra/bin,{application.home }/jintegra/bin/international,{application.home}/lib/oosdk/classes/win
java.class.path={application.home}/lib/oosdk/lib,{application.home}/lib/oosdk/classes -
Links not Working on ColdFusion Support Center
Does anyone know why none of the links to the articles here are not working? http://www.adobe.com/support/coldfusion/security.html
For example... the article... Top Five ColdFusion Security Issues
http://www.adobe.com/devnet/server_archive/articles/top5_cf_security_issues.html
This is also true of the TechNotes
Thanks.Hi,
Thank you for letting us know. We are checking these.
Regards,
Anit Kumar -
I have a ColdFusion 8.0.1 server with Cumulative Hot Fix 4 installed. I installed the hotfix for APSB11-04 yesterday and now any use of the cfNTauthenticate tag generates errors.
I have a CFM that contains only the following code:
<cfntauthenticate
username="test"
password="test"
domain="test"
/>
When I try to execute the CFM I get a "JRun Servlet Error" with a stack trace that starts like this:
ROOT CAUSE:
java.lang.NoClassDefFoundError: Could not initialize class coldfusion.security.NTAuthentication
at coldfusion.tagext.security.NTAuthenticateTag.doStartTag(NTAuthenticateTag.java:161)
at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:2661)
I then created a separate CFM with the following code:
<cfobject
class = "coldfusion.security.NTAuthentication"
type = "Java"
name = "test"
action = "create"
/>
Which executes without generating any errors. If I remove hf801-00002.jar from {cf-root}/lib/updates and restart the ColdFusion service then the cfNTauthenticate example above will execute without any problem. The only other JAR in my {cf-root}/lib/updates folder is chf8010004.jar. Enabling or disabling the "Disable access to internal ColdFusion Java components" option in ColdFusion Administrator does not affect the situation. Nor does using the latest JRE versus the JRE that shipped with CF8.0.1.
I have a custom tag that uses jrun.security.NTAuth to recreate cfNTauthenticate's functionality in place as a workaround at the moment, but I would like to know if there's anything I can do to resolve this issue.Some further notes. The very first time I try to run code with cfNTauthenticate after the CF service is restarted I get the following stack trace:
ROOT CAUSE:
java.lang.ExceptionInInitializerError
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at coldfusion.runtime.java.JavaProxy.CreateObject(JavaProxy.java:168)
at coldfusion.runtime.java.JavaProxy.invoke(JavaProxy.java:75)
at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:2272)
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission C:\ColdFusion8\runtime\..\lib\cfwindowslogin.dll read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at coldfusion.bootstrap.BootstrapClassLoader.findLibrary(BootstrapClassLoader.java:165)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1705)
at java.lang.Runtime.loadLibrary0(Runtime.java:823)
at java.lang.System.loadLibrary(System.java:1028)
at coldfusion.security.NTAuthentication.<clinit>(NTAuthentication.java:147)
... 37 more
After the first attempt, all future attempts generate the error given in my previous post.
I went back into the ColdFusion Administrator and disabled sandbox security and restarted the service. This time my cfNTauthenticate tag ran fine without any problems on the server with the hf801-00002 hotfix.
I then reenabled sandbox security and went into the Files/Dir tab and added a rule that allows read access to c:\coldfusion8\lib\cfwindowslogin.dll and restarted the CF service. My cfNTauthenticate code worked.
So now my question is if I have sandbox security enabled, what rules do I need to add to keep ColdFusion working? Is there any documentation on that?
In the past I've had to add rules for c:\coldfusion8\runtime\servers\coldfusion\server-inf\temp\- (where file uploads are temporarily stored) and C:\ColdFusion8\wwwroot\- and c:\coldfusion8\customtags\. I'm trying to keep the server as locked down as possible, which is why I'm trying to avoid a rule to just allow read access to everything in c:\coldfusion8\. Any suggestions would be appreciated. -
I downloaded a document and now it is secured and I cannot edit it
Every new adobe document that I download is secured I don't understand why?
susanp1515 wrote:
Yes they are opening secured, example I am a realtor I create a contract and save it when I go back to edit it now it doesn't allow me to make changes. But I've done it before, that's why I'm confused I think I just did an adobe update and then the problem started.
Still not much info to go on but if I had to guess, it sounds like you may be using Adobe Acrobat (Pro or Standard) or some other pdf generating software to create the pdf and then trying to edit it using Adobe Acrobat Reader which basically cannot edit files.
To be sure we would need more info...
How exactly are you creating these files (describe your process)?
What do you mean by it doesn't allow you to make changes? What kind of changes are you trying to make? What happens when you try and make them?
What version of Adobe Acrobat or Adobe Acrobat Reader do you have?
When you open the pdf, what software is being used to open it? -
I have seen a few posts on similar problems in the Flex 2
forums, but unfortunately no solution that would help me!
Everything is working perfectly if I run Flex 3 on the same
server as Cf is installed but if I try to set up the Flex project
on my workstation I only get "Invalid root. The WEB-INF/flex folder
must contain either flex-config.xml or services-config.xml."!
So, obviously there is something wrong in how I specify the
web root and url. I am running the J2EE version of CF and the IIS
instead of the built-in webserver. I have tried so many different
settings, changing the location of the config file, switching to
the cf webserver, verifying that I can browse to the same location
and that the flash2gateway is correct...
Does anyone know how I should configure this correctly?
Hi, JohanHi Eastweb,
I presume you have Flex Builder Beta 3. I think you should
choose CF with ColdFusion Flash Remoting on the first page of the
wizard. Second page of the wizard you should select:
- Deployed to J2EE server;
- Web root - browse to IIS web root folder
- uncheck ColdFusion WAR is located in Web root and browse to
WAR folder of the deployed ColdFusion (for example
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\).
This should do the trick.
regards,
Mihai
Maybe you are looking for
-
So a long time ago I accidentally deleted the mail app from my computer. How do I get it back? My computer is an old MacBook running on Mac OS X 10.5.8.
-
Can I use UK iPhone in Canada with a Canadian Sim Card
I have an iPhone 4 that was previously on an O2 contract in the UK. The contract is coming up to expiry and I have contacted O2 and they are now currently in the process of unlocking it. The phone was originally purchased through O2, not throught the
-
Ultrasearch with Standard edition
Can someone please confirm whether or not Ultra Search can be configured with the Standard edition of the 10gR2 database ? I was not able to run the configuration from the companion CD against a Standard database, only against an Enterprise edition.
-
Having a major problem with Chameleon and CS4 and CS5. When I run the program out of CS4 or CS5: 1) The Grab Fragment seems to work. 2) When I open another photo and run Chameleon , Make Collage, I get 1. Unhandled exception! Crash dump saved to
-
My ipad shows only the loading sign
my ipad only shows the loading sign, the sign keeps turning and i can't seem to turn it on. i don't know what to do