Entries for month: November 2012

The server lockdown guide for ColdFusion 10 is now available on the Adobe website. The ColdFusion 10 Server Lockdown Guide will help server administrators secure their ColdFusion 10 installations. You will also find several tips and suggestions intended to improve the security of your ColdFusion server. 

You can access the lockdown guide here.

When making a cfhttp call to a ColdFusion server, the Apache HttpClient library tries to generate a secure random number. This operation depends on the "entropy" of the system.

On Linux systems (mainly freshly installed ones), this operation has been observed to be quite time-consuming because the system "entropy" is apparently quite low. As a consequence, cfhttp calls will be slow.

Fortunately, for people who deploy ColdFusion 10 on Linux machines this is not a reason to worry. Just do one of the following:

1. Set this system property on your JVM. If you are using a standalone CF installation, you would set it in jvm.config:

-Djava.security.egd=file:/dev/./urandom

or

2. In the $JAVA_HOME/jre/lib/security/java.security file, change the value of securerandom.source to file:/dev/./urandom

 

You can also refer to this post by Shilpi from the ColdFusion team, which talks about this issue.
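To confirm which of the two settings above is actually in effect on a server, the following added example (not code from the original post or from Adobe) reads a jvm.config and a java.security file and reports the seed source the JVM will use. It assumes the java.security.egd system property takes precedence over securerandom.source; the function names are hypothetical and the file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: report which seed source a JVM will use, given a jvm.config
# and a java.security file. Both files are only read, never modified.

# Print the value of -Djava.security.egd found in a jvm.config file (empty if none).
egd_from_jvm_config() {
    # Skip comment lines, then take the last -Djava.security.egd=... token.
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -o -e '-Djava\.security\.egd=[^[:space:]"]*' |
        tail -n 1 | cut -d= -f2-
}

# Print the value of securerandom.source from a java.security file (empty if none).
source_from_java_security() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' "$1" 2>/dev/null |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Assumption: the system property overrides the java.security entry when both are set.
effective_seed_source() {
    egd=$(egd_from_jvm_config "$1")
    if [ -n "$egd" ]; then
        printf '%s\n' "$egd"
    else
        source_from_java_security "$2"
    fi
}

# Classify the result: "nonblocking" only for the exact value given in the post.
seed_source_status() {
    case "$(effective_seed_source "$1" "$2")" in
        file:/dev/./urandom) echo nonblocking ;;
        "")                  echo unset ;;
        *)                   echo review ;;
    esac
}

# Usage: sh check_seed.sh /path/to/jvm.config /path/to/java.security
if [ "$#" -eq 2 ]; then
    printf 'effective source: %s (%s)\n' \
        "$(effective_seed_source "$1" "$2")" "$(seed_source_status "$1" "$2")"
fi
```

A result of "review" means some other source is configured and cfhttp calls may still be slow on a low-entropy host; "unset" means neither file carries the setting.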

 


 

The ColdFusion 10 Update 5 is now available for install within your administrator. Update 5 is a security update that resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation.

Refer to the security bulletin for all the associated details.

In this blog post we will talk about how the CF web server connector (wsconfig) can, and perhaps should, be tuned relative to your environment.


I am pleased to announce a brand new community driven training program for ColdFusion - Learn CF in a week!

It is great to see Learn CF In a Week live from what started out as a conversation about training resources for ColdFusion between Simon and me at cf.Objective() this year.

Huge shout-out to Simon Free and other community experts for making this happen. I would like to call out all contributors from the community for this training program that walks you through various concepts of ColdFusion as you build a fully functional ColdFusion website.

Authors
• Emily Christiansen
• Tim Cunningham
• David Epler
• Sam Farmer
• Dave Ferguson
• Simon Free
• Paul Hastings
• Guust Nieuwenhuis
• Dan Skaggs
• Nic Tunney
• Adam Tuttle
• Dan Wilson
Editors
• Mark Esher
• Kristin Ferguson
• Tiffany Goebel
Designers
• Nick Borden
• Jim Priest

Go try out the training for yourself! And help spread the word!