Entries Tagged as “Administrator”
Applying Updates on a Locked down ColdFusion 10 Server
Administrator | Adobe ColdFusion 10 | ColdFusion | General | productivity | Updates
Note: This is valid from Hotfix 9 onwards.
Depending on the user account that you have used to Lock down your server, you might need to consider the following few more steps for providing appropriate permissions to be able to apply the updates from ColdFusion Administrator.
Hotfix needs two things to be installed properly from ColdFusion Administrator.
1)
The user that is configured for ColdFusion Service should be permitted to
Start/Stop the service. More on this to setup is explained below.
2) Since ColdFusion runs with the user you have setup for ColdFusion service, that user should have write/delete/update permissions for some of the ColdFusion directories. Notably, till now (Hotfix 9) the update files are there for the following directories:
<CFHome>\cfusion\bin\ (Write)
<CFHome>\cfusion\hf-updates\ (Write)
<CFHome>\cfusion\lib\ (Write)
<CFHome>\cfusion\lib\updates\ (Write + Delete)
<CFHome>\cfusion\runtime\lib\ (Write)
<CFHome>\cfusion\wwwroot\CFIDE\adminapi\ (Write)
<CFHome>\cfusion\wwwroot\CFIDE\administrator\ (Write)
<CFHome>\cfusion\wwwroot\CFIDE\componentutils\ (Write)
<CFHome>\cfusion\wwwroot\CFIDE\scripts\ (Write)
Note: New directories may or may not get added in the future Hotfixes but the above set will always be there for ColdFusion 10.
If you are running multi-instace scenario you have to set the same for all child instance folders and their service accounts
When lockdown guide is being imposed the above two requirements should also be implemented in order to be able to apply Hotfixes from the ColdFusion administrator.
Setting up the ColdFusion Service user as required in #1:
Down load and Install Windows tool named SubInACL.exe (Installer name is SubInACL.msi) to give service start/stop permissions from
http://www.microsoft.com/en-us/download/confirmation.aspx?id=23510
Once you install it, the tool subinacl.exe gets installed
under
C:\Program Files (x86)\Windows Resource Kits\Tools
Then, run the tool as follows from command prompt by
replacing <MachineName> and <username> with your username and machine
name.
a) For machine’s local user
C:\Program Files (x86)\Windows Resource Kits\Tools>subinacl.exe /service "\\<MachineName>\ColdFusion 10 Application Server" /grant=<username>=TO
b) If the user is a Domain user you have to replace <Domainname> as well along with <MachineName>, <username> in the following command.
C:\Program Files (x86)\Windows Resource Kits\Tools>subinacl.exe /service "\\<MachineName>\ColdFusion 10 Application Server" /grant=<Domainname>\<username>=TO
More details on this are explained in the below resource.
http://support.microsoft.com/default.aspx?scid=kb;en-us;288129
This is a one-time setup that you have to do.
Once this is done -> Restart ColdFusion service -> Open ColdFusion server Administrator -> Apply Update -> You should be able to apply the Hotfix successfully now.
New Critical ColdFusion security update for version 9 and above
Security | Administrator | Adobe ColdFusion | Adobe ColdFusion 10 | Announcements | Hotfix | web application security
A security update for ColdFusion is now available for versions 10, 9, 9.0.1 and 9.0.2. This hot-fix addresses issues reported in Advisory 13-03
If you are on ColdFusion 10, you will see a new update 10 within the ColdFusion administrator for you to download and install.
Adobe recommends users update their product installation with this update. Here's a link to the related security bulletin.
We highly recommend locking down public facing servers to prevent against unknown attacks. As an additional precaution, we recommend commenting RDS servlet in web.xml
Complete instructions for protecting server can be found accessed here. ColdFusion 10 Lockdown Guide, ColdFusion 9 Lockdown Guide
Video on Hotfix Installation in ColdFusion 10
Administrator | ColdFusion | Hotfix | Updates
Here is a quick video on the various Hotfix installation mechanisms in ColdFusion 10 by Adobe engineer Krishna Reddy
You can know more about how to download and install ColdFusion 10 hotfixes directly from this link
For more information on the hotfix installation mechanism ,please refer to the hotfix installation guide
-Viny
How to download and install ColdFusion 10 Hotfix directly?
Administrator | Adobe ColdFusion | Adobe ColdFusion 10
You can download the hotfix directly from the following URL (This example assumes that you want to download Hotfix 8)
http://download.adobe.com/pub/adobe/coldfusion/hotfix_008.jar
If you want to download earlier/newer hotfixes replace the jar path in the above URL with the hotfix number that you want.
Ex:- http://download.adobe.com/pub/adobe/coldfusion/hotfix_00<HFNumber>.jar
Download/Copy this hotfix_008.jar to a any directory on your machine where you want to maintain repository of Hotfix installers.
And then open the command prompt (with Run as Administrator" option for all Vista/Win7/Win8 family OSes
and in case of Mac OS X/Unix/Solaris you have to run hotfix with sudo user or root user.)
Then run the just downloaded jar file from command prompt:
First cd to where it is downloaded and then run as follows. Change path as per your installation.
>C:\ColdFusion10\jre\bin\java -jar hotfix_008.jar
JRE should be used or JDK should be used with ColdFusion 10 ?
Administrator | Adobe ColdFusion | Adobe ColdFusion 10 | ColdFusion | Docs | General | WebServices
There is a bit of confusion whether to use JRE or JDK with ColdFusion when you want to use an externally installed one.
This blog entry clarifies on whether to use jre7 or jdk7.
Note:Unless there is a specific reason, it is generally recommended to use the latest patched JRE/JDK of major Java version supported. As of 8th March 2013, for Java 1.7 the latest patched version is Java 1.7 Update 17.
The decision on whether JRE or JDK should be used is determined by whether JRE/JDK contains Server VM or not as ColdFusion runs only on top of Server VM. ColdFusion can't run on Client VM.
For all platforms, JRE that comes along with JDK contains server VM.
Even the public JRE that is available from Oracle contains Server VM for all platforms except for Windows 32-bit JRE.
So, from this it can be derived as follows:
1. For Win 64, Linux 32, Linux 64, Solaris 64-bit, Mac 64-bit you can use any of public JRE from Oracle or the JRE that is contained within JDK. We would recommend you to use Public JRE from Oracle. For Mac OS X there is an extra note below before which you want to conclude whether to use public JRE or JDK's JRE.
2. For Windows 32-bit, you can use the JRE that is contained within JDK
OR
You can use the Win 32- Public JRE by customizing it to contain Server VM.
(To customize it you can copy <JDK_HOME>\jre\bin\server\ directory and its content to Public JRE (jre\bin\server ). It would at same directory level as client directory.
Note for Mac OS X Installations:
For Mac also public JRE as well JDK contained JRE contains server VM.
If you are using Web Services you would need one file from JDK(tools.jar). JRE
doesn’t contain this file.
Since full version of ColdFusion 10 is shipped before Java 7 and Mac OS X
used to ship JDK earlier which contains this file by default, we never shipped
it along with ColdFusion installation.
With update 8 for Java 1.7 support on mac OS X, we are just copying this
tools.jar from installed JDK to <ColdFusion_Home>\cfusion\lib\.
Going forward we will be shipping it along with ColdFusion installer for Mac as
well but for ColdFusion 10 this file is not there.
So, consider using JRE or JDK depending on the need for Mac OS X
OR
Just use JRE itself and only if needed you can copy tools.jar(it is same for
all platforms) to <ColdFusion_Home>\cfusion\lib.
So if you are using ColdFusion 10 on Mac OS X with JRE 1.7 you might want to
copy tools.jar to <ColdFusion_Home>\cfusion\lib\