System information

ManualsBrandsMACROMEDIA ManualsComputer equipmentCOLDFUSION 5 - INSTALING AND CONFIGURING SERVER

Adobe documentation - Confidential

Setting

Default

Recommendation

Description

Default ScriptSrc

Directory

/CFIDE/scripts/

/somewhere-else/

See section 2.16 (Windows) or 3.4

(Linux).

Because the scripts directory also

contains CFML source code (such as

FCKeditor), you should move this

directory to a non-default location.

Allowed file

extensions for

CFInclude tag

Empty

Empty

This setting restricts the file

extensions which get compiled

(executed) by a cfinclude tag. By

default cfm files are allowed but all

other file extensions unless

specified here are statically

included, any CFML source code

would not be executed. Take care to

ensure that you have specified any

file extensions of files that contain

CFML code and are included with

cfinclude.

Missing Template

Handler

Blank or

/CFIDE/administr

ator/templates/m

issing_template_e

rror.cfm

Specified

The missing template handler HTML

should be equivalent to the 404

error handler specified on your web

server.

When blank, the missing template

handler is not specified a potential

attacker may get a rough idea of the

ColdFusion version in use.

Site-wide Error

Handler

Blank or

/CFIDE/administr

ator/templates/se

cure_profile_erro

r.cfm

Specified

When blank, the site-wide error

handler may expose information

about the cause of exceptions.

Specify a custom site-wide error

handler that discloses the same

generic message to the user for all

exceptions. Be sure to log and

monitor the actual exceptions

thrown.

Adobe documentation - Confidential