System information
Adobe documentation - Confidential
Setting
Default
Recommendation
Description
Default ScriptSrc
Directory
/CFIDE/scripts/
/somewhere-else/
See section 2.16 (Windows) or 3.4
(Linux).
Because the scripts directory also
contains CFML source code (such as
FCKeditor), you should move this
directory to a non-default location.
Allowed file
extensions for
CFInclude tag
Empty
Empty
This setting restricts the file
extensions which get compiled
(executed) by a cfinclude tag. By
default cfm files are allowed but all
other file extensions unless
specified here are statically
included, any CFML source code
would not be executed. Take care to
ensure that you have specified any
file extensions of files that contain
CFML code and are included with
cfinclude.
Missing Template
Handler
Blank or
/CFIDE/administr
ator/templates/m
issing_template_e
rror.cfm
Specified
The missing template handler HTML
should be equivalent to the 404
error handler specified on your web
server.
When blank, the missing template
handler is not specified a potential
attacker may get a rough idea of the
ColdFusion version in use.
Site-wide Error
Handler
Blank or
/CFIDE/administr
ator/templates/se
cure_profile_erro
r.cfm
Specified
When blank, the site-wide error
handler may expose information
about the cause of exceptions.
Specify a custom site-wide error
handler that discloses the same
generic message to the user for all
exceptions. Be sure to log and
monitor the actual exceptions
thrown.
Adobe documentation - Confidential