System information
Adobe documentation - Confidential
| Setting | Default | Recommendation | Description |
| --- | --- | --- | --- |
| Watch configuration files for changes (check every N seconds) | Unchecked | Unchecked | If your configuration requires this setting to be enabled (for example, if using a WebSphere ND vertical cluster), increase the time to be as large as possible. If an attacker is able to modify the configuration of your ColdFusion server, their changes can become active within a short period of time when this setting is enabled. |
| Enable Global Script Protection | Unchecked | Understand limitations, Checked | This setting provides very limited protection against certain Cross Site Scripting attack vectors. It is important to understand that enabling this setting does not protect your site from all possible Cross Site Scripting attacks. When this setting is turned on, it uses a regular expression defined in the file neo-security.xml to replace input variables containing the following tags: object, embed, script, applet, meta with InvalidTag. This setting does not restrict any JavaScript strings that may be injected and executed, iframe tags, or any XSS obfuscation techniques. |
| Disable creation of unnamed applications | Unchecked | Checked | Applications should have a name so they can be isolated from each other. |
| Allow adding application variables to Servlet Context | Unchecked | Unchecked | Keep unchecked to improve application isolation. |
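
The limits of Global Script Protection described above, as an added example that is not part of the Adobe documentation: a Python model of the tag-replacement filter run over constructed inputs, next to HTML output encoding. The regular expression is an assumption built from the description; the pattern ColdFusion actually applies is the one in neo-security.xml and may differ.

```python
import html
import re

# Assumption: models the behaviour the description gives (opening tags of
# object, embed, script, applet, meta are rewritten to InvalidTag). It is not
# copied from neo-security.xml.
BLOCKED_TAGS = ("object", "embed", "script", "applet", "meta")
SCRIPT_PROTECT = re.compile(r"<\s*(?:%s)\b" % "|".join(BLOCKED_TAGS), re.IGNORECASE)


def script_protect(value: str) -> str:
    """Rewrite the opening of a blocked tag, as the setting is described to do."""
    return SCRIPT_PROTECT.sub("<InvalidTag", value)


def encode_for_html(value: str) -> str:
    """Output encoding for an HTML body context. A value written into a script
    block or event handler needs a JavaScript-context encoder instead."""
    return html.escape(value, quote=True)


# Constructed sample inputs, one per case named in the description.
SAMPLES = {
    "script tag": "<script>alert(1)</script>",
    "meta tag": '<META http-equiv="refresh" content="0;url=//example.invalid">',
    "iframe tag": '<iframe src="//example.invalid"></iframe>',
    "javascript string": "';alert(1);//",
}


def audit(samples):
    """Return {name: (filtered_value, changed_by_filter, html_encoded_value)}."""
    report = {}
    for name, raw in samples.items():
        filtered = script_protect(raw)
        report[name] = (filtered, filtered != raw, encode_for_html(raw))
    return report


if __name__ == "__main__":
    for name, (filtered, changed, encoded) in audit(SAMPLES).items():
        status = "rewritten" if changed else "PASSED THROUGH"
        print(f"{name:18} {status:15} filter={filtered!r} encoded={encoded!r}")
```

The two inputs reported as passed through are the cases the description says the setting does not restrict, which is why the setting should be paired with output encoding in the application rather than relied on alone.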